From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)
To: Casey Schaufler <casey-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org>
Cc: esyr-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
jannh-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org,
khlebnikov-XoJtRXgx1JseBXzfvpsJ4g@public.gmane.org,
linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Linux Containers
<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>,
serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
prakash.sangappa-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org,
linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
luto-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org,
oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org,
Nagarathnam Muthusamy
<nagarathnam.muthusamy-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>,
Pavel Emelyanov <xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
Subject: Re: [REVIEW][PATCH 03/11] msg/security: Pass kern_ipc_perm not msg_queue into the msg_queue security hooks
Date: Sat, 24 Mar 2018 00:37:19 -0500
Message-ID: <87efkam3u8.fsf@xmission.com>
In-Reply-To: <bb73b0ea-bcda-a996-8f14-48d9dd1b0940-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org> (Casey Schaufler's message of "Fri, 23 Mar 2018 14:55:09 -0700")

Casey Schaufler <casey-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org> writes:
> On 3/23/2018 12:16 PM, Eric W. Biederman wrote:
>> All of the implementations of security hooks that take msg_queue only
>> access q_perm the struct kern_ipc_perm member. This means the
>> dependencies of the msg_queue security hooks can be simplified by
>> passing the kern_ipc_perm member of msg_queue.
>>
>> Making this change will allow struct msg_queue to become private to
>> ipc/msg.c.
>>
>> Signed-off-by: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
>> ---
>>  include/linux/lsm_hooks.h  | 12 ++++++------
>>  include/linux/security.h   | 25 ++++++++++++-------------
>>  ipc/msg.c                  | 18 ++++++++----------
>>  security/security.c        | 12 ++++++------
>>  security/selinux/hooks.c   | 36 ++++++++++++++++++------------------
>>  security/smack/smack_lsm.c | 24 ++++++++++++------------
>
> Can I reference the comments I made in PATCH 01 of this set
> regarding the Smack changes? The problem in all of your changes
> is the same. You aren't preserving the naming conventions, and
> you've left in some code that is just silly.

Being silly like that is actually important to make a sweeping patch
like that boring and trivial to show that it is correct. Anything
that is not a rule-based transformation is much more likely to hide
a bug. So for the push down of the type change I think it was the right
way to go.

That said I am happy to add a cleanup patch that makes the obvious
cleanups and simplifications to smack_lsm.c.

Eric
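
Added example, not part of Eric's message or of the patch series: a user-space C illustration of the rule-based transformation discussed above, where a hook that only reads `q_perm` is changed to take the embedded `struct kern_ipc_perm` directly. The struct layouts are stand-ins, `toy_label`, `hook_before`, `hook_after` and `check_queue` are hypothetical names, and the redundant local kept in `hook_after` is an assumed form of leftover, since the patch body is not shown on this page.

```c
/* Added illustration: user-space stand-ins, not the kernel's definitions. */
#include <errno.h>
#include <stdio.h>

struct kern_ipc_perm { unsigned int key; void *security; };  /* stand-in */
struct msg_queue {                                            /* stand-in */
    struct kern_ipc_perm q_perm;
    unsigned long q_qnum;       /* queue-private state no hook reads */
};
struct toy_label { int level; };  /* hypothetical LSM security blob */

/* Before: the hook receives the whole queue but only ever uses q_perm. */
static int hook_before(struct msg_queue *msq, int subject_level)
{
    struct kern_ipc_perm *isp = &msq->q_perm;
    struct toy_label *obj = isp->security;

    return subject_level >= obj->level ? 0 : -EACCES;
}

/* After, by rule: the parameter type changes and "&msq->q_perm" becomes
 * "msq". The old name and the now-redundant local stay, so the diff is
 * mechanical; tidying them is a separate follow-up change. */
static int hook_after(struct kern_ipc_perm *msq, int subject_level)
{
    struct kern_ipc_perm *isp = msq;
    struct toy_label *obj = isp->security;

    return subject_level >= obj->level ? 0 : -EACCES;
}

/* Caller (the role of ipc/msg.c): the only code that needs the layout of
 * struct msg_queue once every hook takes the embedded kern_ipc_perm. */
static int check_queue(struct msg_queue *msq, int subject_level, int use_new)
{
    return use_new ? hook_after(&msq->q_perm, subject_level)
                   : hook_before(msq, subject_level);
}

int main(void)
{
    struct toy_label label = { .level = 2 };  /* constructed sample object */
    struct msg_queue q = { .q_perm = { .key = 1, .security = &label } };

    for (int s = 1; s <= 3; s++)
        printf("subject %d: before=%d after=%d\n", s,
               check_queue(&q, s, 0), check_queue(&q, s, 1));
    return 0;
}
```

Because each line of `hook_after` maps one-to-one onto a line of `hook_before`, a reviewer can confirm the access decision is unchanged by reading the diff alone.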