From: Greg Kroah-Hartman <gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>
To: Richard Yao <ryao-aBrp7R+bbdUdnm+yROfE0A@public.gmane.org>
Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: Why not make kdbus use CUSE?
Date: Tue, 2 Dec 2014 09:26:12 -0800 [thread overview]
Message-ID: <20141202172612.GA8958@kroah.com> (raw)
In-Reply-To: <547DAEF3.1090106-aBrp7R+bbdUdnm+yROfE0A@public.gmane.org>
On Tue, Dec 02, 2014 at 07:22:11AM -0500, Richard Yao wrote:
> Assuming that this dance succeeds, the FUSE process could then make a
> readonly file in itself, open it read only, unlink it, put the data into
> the file and send the file descriptor via UNIX domain socket while
> refusing further writes. If it has its own user/group, the file should
> be safe from prying eyes.
>
> This is not as good as a memfd and also suffers from the race that
> O_TMPFILE was meant to close, but it should be able to function as a
> decent fallback.
We can't knowingly create and advocate for broken code, sorry.
> This would preserve portability across not only
> different versions of Linux, but also other POSIX systems.
I honestly do not care about any other system than Linux, so I don't see
why this would ever be an issue.
> Keeping the code in userspace would allow us to apply SELinux policies
> to it, which is something that we would lose if it were go to into the
> kernel.
On the contrary, the kdbusfs implementation gives you better security
model support than before, it ties directly into the LSM hooks, see the
add-on patches from some other developers that bring full support of LSM
to the codebase.
> That said, it is still not clear to me that dbus must be inside the
> kernel to be able to perform multicast and zero copy using memfd.
It seems you have yet to read my introductory email for the patch
series.
greg k-h
WARNING: multiple messages have this Message-ID (diff)
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Richard Yao <ryao@gentoo.org>
Cc: linux-kernel@vger.kernel.org, linux-api@vger.kernel.org
Subject: Re: Why not make kdbus use CUSE?
Date: Tue, 2 Dec 2014 09:26:12 -0800 [thread overview]
Message-ID: <20141202172612.GA8958@kroah.com> (raw)
In-Reply-To: <547DAEF3.1090106@gentoo.org>
On Tue, Dec 02, 2014 at 07:22:11AM -0500, Richard Yao wrote:
> Assuming that this dance succeeds, the FUSE process could then make a
> readonly file in itself, open it read only, unlink it, put the data into
> the file and send the file descriptor via UNIX domain socket while
> refusing further writes. If it has its own user/group, the file should
> be safe from prying eyes.
>
> This is not as good as a memfd and also suffers from the race that
> O_TMPFILE was meant to close, but it should be able to function as a
> decent fallback.
We can't knowingly create and advocate for broken code, sorry.
> This would preserve portability across not only
> different versions of Linux, but also other POSIX systems.
I honestly do not care about any other system than Linux, so I don't see
why this would ever be an issue.
> Keeping the code in userspace would allow us to apply SELinux policies
> to it, which is something that we would lose if it were go to into the
> kernel.
On the contrary, the kdbusfs implementation gives you better security
model support than before, it ties directly into the LSM hooks, see the
add-on patches from some other developers that bring full support of LSM
to the codebase.
> That said, it is still not clear to me that dbus must be inside the
> kernel to be able to perform multicast and zero copy using memfd.
It seems you have yet to read my introductory email for the patch
series.
greg k-h
next prev parent reply other threads:[~2014-12-02 17:26 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-11-29 6:34 Why not make kdbus use CUSE? Richard Yao
2014-11-29 6:34 ` Richard Yao
[not found] ` <20141129063416.GE32286-WkJ4KB730YtOk+SH+krGketnjj8NnB7F@public.gmane.org>
2014-11-29 17:59 ` Greg Kroah-Hartman
2014-11-29 17:59 ` Greg Kroah-Hartman
[not found] ` <20141129175947.GB32510-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2014-12-02 5:40 ` Richard Yao
2014-12-02 5:40 ` Richard Yao
[not found] ` <547D50B9.9040909-aBrp7R+bbdUdnm+yROfE0A@public.gmane.org>
2014-12-02 5:48 ` Greg Kroah-Hartman
2014-12-02 5:48 ` Greg Kroah-Hartman
2014-12-02 7:59 ` Richard Yao
2014-12-02 12:22 ` Richard Yao
[not found] ` <547DAEF3.1090106-aBrp7R+bbdUdnm+yROfE0A@public.gmane.org>
2014-12-02 17:26 ` Greg Kroah-Hartman [this message]
2014-12-02 17:26 ` Greg Kroah-Hartman
[not found] ` <20141202172612.GA8958-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2014-12-03 9:22 ` Richard Yao
2014-12-03 9:22 ` Richard Yao
[not found] ` <547ED659.2040106-aBrp7R+bbdUdnm+yROfE0A@public.gmane.org>
2014-12-03 21:15 ` Greg Kroah-Hartman
2014-12-03 21:15 ` Greg Kroah-Hartman
[not found] ` <547D7159.2040900-aBrp7R+bbdUdnm+yROfE0A@public.gmane.org>
2014-12-02 17:12 ` Greg Kroah-Hartman
2014-12-02 17:12 ` Greg Kroah-Hartman
2014-12-01 14:23 ` One Thousand Gnomes
2014-12-01 14:23 ` One Thousand Gnomes
[not found] ` <20141201142311.37c81ff1-qBU/x9rampVanCEyBjwyrvXRex20P6io@public.gmane.org>
2014-12-02 4:31 ` Richard Yao
2014-12-02 4:31 ` Richard Yao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141202172612.GA8958@kroah.com \
--to=gregkh-hqyy1w1ycw8ekmwlsbkhg0b+6bgklq7r@public.gmane.org \
--cc=linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=ryao-aBrp7R+bbdUdnm+yROfE0A@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.