Date: Thu, 10 Sep 2020 21:00:10 +0100
From: Al Viro <>
To: Matthew Wilcox <>
Cc: Mickaël Salaün <>,
	Mimi Zohar <>,
	Aleksa Sarai <>,
	Alexei Starovoitov <>,
	Andrew Morton <>,
	Andy Lutomirski <>, Arnd Bergmann <>,
	Casey Schaufler <>,
	Christian Brauner <>,
	Christian Heimes <>,
	Daniel Borkmann <>,
	Deven Bowers <>,
	Dmitry Vyukov <>,
	Eric Biggers <>,
	Eric Chiang <>,
	Florian Weimer <>,
	James Morris <>, Jan Kara <>,
	Jann Horn <>, Jonathan Corbet <>,
	Kees Cook <>,
	Lakshmi Ramasubramanian <>,
	Matthew Garrett <>,
	Michael Kerrisk <>,
	Miklos Szeredi <>,
	Philippe Trébuchet <>,
	Scott Shell <>,
	Sean Christopherson <>,
	Shuah Khan <>, Steve Dower <>,
	Steve Grubb <>,
	Tetsuo Handa <>,
	Thibaut Sautereau <>,
	Vincent Strubel <>
Subject: Re: [RFC PATCH v9 0/3] Add introspect_access(2) (was O_MAYEXEC)

On Thu, Sep 10, 2020 at 07:40:33PM +0100, Matthew Wilcox wrote:
> On Thu, Sep 10, 2020 at 08:38:21PM +0200, Mickaël Salaün wrote:
> > There is also the use case of noexec mounts and file permissions. From
> > user space point of view, it doesn't matter which kernel component is in
> > charge of defining the policy. The syscall should then not be tied with
> > a verification/integrity/signature/appraisal vocabulary, but simply an
> > access control one.
> permission()?

int lsm(int fd, const char *how, char *error, int size);

Seriously, this is "ask LSM to apply special policy to file"; let's
_not_ mess with flags, etc. for that; give it decent bandwidth
and since it's completely opaque for the rest of the kernel,
just pass a string to be parsed by LSM as it sees fit.
