From: Eric Biggers <ebiggers@kernel.org>
To: Lokesh Gidra <lokeshgidra@google.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>,
James Morris <jmorris@namei.org>,
Stephen Smalley <stephen.smalley.work@gmail.com>,
Casey Schaufler <casey@schaufler-ca.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
Paul Moore <paul@paul-moore.com>,
Eric Paris <eparis@parisplace.org>,
Daniel Colascione <dancol@dancol.org>,
Kees Cook <keescook@chromium.org>,
"Eric W. Biederman" <ebiederm@xmission.com>,
KP Singh <kpsingh@google.com>,
David Howells <dhowells@redhat.com>,
Thomas Cedeno <thomascedeno@google.com>,
Anders Roxell <anders.roxell@linaro.org>,
Sami Tolvanen <samitolvanen@google.com>,
Matthew Garrett <matthewgarrett@google.com>,
Aaron Goidel <acgoide@tycho.nsa.gov>,
Randy Dunlap <rdunlap@infradead.org>,
"Joel Fernandes (Google)" <joel@joelfernandes.org>,
YueHaibing <yuehaibing@huawei.com>,
Christian Brauner <christian.brauner@ubuntu.com>,
Alexei Starovoitov <ast@kernel.org>,
Alexey Budankov <alexey.budankov@linux.intel.com>,
Adrian Reber <areber@redhat.com>,
Aleksa Sarai <cyphar@cyphar.com>,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org, selinux@vger.kernel.org,
kaleshsingh@google.com, calin@google.com, surenb@google.com,
nnk@google.com, jeffv@google.com, kernel-team@android.com,
Daniel Colascione <dancol@google.com>
Subject: Re: [PATCH v10 3/3] Use secure anon inodes for userfaultfd
Date: Wed, 4 Nov 2020 12:36:31 -0800 [thread overview]
Message-ID: <20201104203631.GD1796392@gmail.com> (raw)
In-Reply-To: <20201011082936.4131726-4-lokeshgidra@google.com>
On Sun, Oct 11, 2020 at 01:29:36AM -0700, Lokesh Gidra wrote:
> From: Daniel Colascione <dancol@google.com>
>
> This change gives userfaultfd file descriptors a real security
> context, allowing policy to act on them.
>
> Signed-off-by: Daniel Colascione <dancol@google.com>
>
> [Remove owner inode from userfaultfd_ctx]
> [Use anon_inode_getfd_secure() instead of anon_inode_getfile_secure()
> in userfaultfd syscall]
> [Use inode of file in userfaultfd_read() in resolve_userfault_fork()]
>
> Signed-off-by: Lokesh Gidra <lokeshgidra@google.com>
> ---
I'm not an expert in userfaultfd or SELinux, but I don't see any issues with
this patch, and the comments I made earlier were resolved (except for the patch
title which I just pointed out -- it should have "userfaultfd:" prefix).
So feel free to add:
Reviewed-by: Eric Biggers <ebiggers@google.com>
next prev parent reply other threads:[~2020-11-04 20:36 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-11 8:29 [PATCH v10 0/3] SELinux support for anonymous inodes and UFFD Lokesh Gidra
2020-10-11 8:29 ` [PATCH v10 1/3] Add a new LSM-supporting anonymous inode interface Lokesh Gidra
2020-11-04 20:27 ` Eric Biggers
2020-10-11 8:29 ` [PATCH v10 2/3] Teach SELinux about anonymous inodes Lokesh Gidra
2020-10-11 8:29 ` [PATCH v10 3/3] Use secure anon inodes for userfaultfd Lokesh Gidra
2020-11-04 20:36 ` Eric Biggers [this message]
2020-10-26 16:57 ` [PATCH v10 0/3] SELinux support for anonymous inodes and UFFD Lokesh Gidra
2020-11-04 20:07 ` Eric Biggers
2020-11-04 20:29 ` Eric Biggers
-- strict thread matches above, loose matches on Subject: below --
2020-11-03 22:00 Lokesh Gidra
2020-11-03 22:00 ` [PATCH v10 3/3] Use secure anon inodes for userfaultfd Lokesh Gidra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201104203631.GD1796392@gmail.com \
--to=ebiggers@kernel.org \
--cc=acgoide@tycho.nsa.gov \
--cc=alexey.budankov@linux.intel.com \
--cc=anders.roxell@linaro.org \
--cc=areber@redhat.com \
--cc=ast@kernel.org \
--cc=calin@google.com \
--cc=casey@schaufler-ca.com \
--cc=christian.brauner@ubuntu.com \
--cc=cyphar@cyphar.com \
--cc=dancol@dancol.org \
--cc=dancol@google.com \
--cc=dhowells@redhat.com \
--cc=ebiederm@xmission.com \
--cc=eparis@parisplace.org \
--cc=jeffv@google.com \
--cc=jmorris@namei.org \
--cc=joel@joelfernandes.org \
--cc=kaleshsingh@google.com \
--cc=keescook@chromium.org \
--cc=kernel-team@android.com \
--cc=kpsingh@google.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=lokeshgidra@google.com \
--cc=matthewgarrett@google.com \
--cc=nnk@google.com \
--cc=paul@paul-moore.com \
--cc=rdunlap@infradead.org \
--cc=samitolvanen@google.com \
--cc=selinux@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=stephen.smalley.work@gmail.com \
--cc=surenb@google.com \
--cc=thomascedeno@google.com \
--cc=viro@zeniv.linux.org.uk \
--cc=yuehaibing@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.