From mboxrd@z Thu Jan 1 00:00:00 1970
From: Mimi Zohar
Subject: Re: [RFC PATCH 1/5] ima: extend clone() with IMA namespace support
Date: Tue, 25 Jul 2017 17:28:54 -0400
Message-ID: <1501018134.27413.66.camel@linux.vnet.ibm.com>
References: <20170720225033.21298-1-mkayaalp@linux.vnet.ibm.com> <20170720225033.21298-2-mkayaalp@linux.vnet.ibm.com> <20170725175317.GA727@mail.hallyn.com> <1501008554.3689.30.camel@HansenPartnership.com> <20170725190406.GA1883@mail.hallyn.com> <1501009739.3689.33.camel@HansenPartnership.com> <1501012082.27413.17.camel@linux.vnet.ibm.com> <645db815-7773-e351-5db7-89f38cd88c3d@linux.vnet.ibm.com> <20170725204622.GA4969@mail.hallyn.com> <1501016277.27413.50.camel@linux.vnet.ibm.com> <20170725210801.GA5628@mail.hallyn.com>
In-Reply-To: <20170725210801.GA5628-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
To: "Serge E. Hallyn"
Cc: Mehmet Kayaalp, Mehmet Kayaalp, Yuqiong Sun, containers, linux-kernel, David Safford, James Bottomley, linux-security-module, ima-devel, Yuqiong Sun
List-Id: containers.vger.kernel.org

On Tue, 2017-07-25 at 16:08 -0500, Serge E. Hallyn wrote:
> On Tue, Jul 25, 2017 at 04:57:57PM -0400, Mimi Zohar wrote:
> > On Tue, 2017-07-25 at 15:46 -0500, Serge E. Hallyn wrote:
> > > On Tue, Jul 25, 2017 at 04:11:29PM -0400, Stefan Berger wrote:
> > > > On 07/25/2017 03:48 PM, Mimi Zohar wrote:
> > > > >On Tue, 2017-07-25 at 12:08 -0700, James Bottomley wrote:
> > > > >>On Tue, 2017-07-25 at 14:04 -0500, Serge E. Hallyn wrote:
> > > > >>>On Tue, Jul 25, 2017 at 11:49:14AM -0700, James Bottomley wrote:
> > > > >>>>On Tue, 2017-07-25 at 12:53 -0500, Serge E. Hallyn wrote:
> > > > >>>>>On Thu, Jul 20, 2017 at 06:50:29PM -0400, Mehmet Kayaalp wrote:
> > > > >>>>>>
> > > > >>>>>>From: Yuqiong Sun <suny@us.ibm.com>
> > > > >>>>>>
> > > > >>>>>>Add new CONFIG_IMA_NS config option.  Let clone() create a new
> > > > >>>>>>IMA namespace upon CLONE_NEWNS flag. Add ima_ns data structure
> > > > >>>>>>in nsproxy. ima_ns is allocated and freed upon IMA namespace
> > > > >>>>>>creation and exit. Currently, the ima_ns contains no useful IMA
> > > > >>>>>>data but only a dummy interface. This patch creates the
> > > > >>>>>>framework for namespacing the different aspects of IMA (eg.
> > > > >>>>>>IMA-audit, IMA-measurement, IMA-appraisal).
> > > > >>>>>>
> > > > >>>>>>Signed-off-by: Yuqiong Sun <suny@us.ibm.com>
> > > > >>>>>>
> > > > >>>>>>Changelog:
> > > > >>>>>>* Use CLONE_NEWNS instead of a new CLONE_NEWIMA flag
> > > > >>>>>Hi,
> > > > >>>>>
> > > > >>>>>So this means that every mount namespace clone will clone a new
> > > > >>>>>IMA namespace.  Is that really ok?
> > > > >>>>Based on what: space concerns (struct ima_ns is reasonably small)?
> > > > >>>>or whether tying it to the mount namespace is the correct thing to
> > > > >>>>do.  On
> > > > >>>Mostly the latter.  The other would be not so much space concerns as
> > > > >>>time concerns.  Many things use new mounts namespaces, and we
> > > > >>>wouldn't want multiple IMA calls on all file accesses by all of
> > > > >>>those.
> > > > >>>
> > > > >>>>the latter, it does seem that this should be a property of either
> > > > >>>>the mount or user ns rather than its own separate ns.  I could see
> > > > >>>>a use where even a container might want multiple ima keyrings
> > > > >>>>within the container (say containerised apache service with
> > > > >>>>multiple tenants), so instinct tells me that mount ns is the
> > > > >>>>correct granularity for this.
> > > > >>>I wonder whether we could use echo 1 > /sys/kernel/security/ima/newns
> > > > >>>as the trigger for requesting a new ima ns on the next
> > > > >>>clone(CLONE_NEWNS).
> > > > >>I could go with that, but what about the trigger being installing or
> > > > >>updating the keyring?  That's the only operation that needs namespace
> > > > >>separation, so on mount ns clone, you get a pointer to the old ima_ns
> > > > >>until you do something that requires a new key, which then triggers the
> > > > >>copy of the namespace and installing it?
> > > > >It isn't just the keyrings that need to be namespaced, but the
> > > > >measurement list and policy as well.
> > > > >
> > > > >IMA-measurement, IMA-appraisal and IMA-audit are all policy based.
> > > > >
> > > > >As soon as the namespace starts, measurements should be added to the
> > > > >namespace specific measurement list, not its parent.
> > >
> > > Shouldn't it be both?
> >
> > The policy defines which files are measured.  The namespace policy
> > could be different than its parent's policy, and the parent's policy
> > could be different than the native policy.  Basically, file
> > measurements need to be added to the namespace measurement list,
> > recursively, up to the native measurement list.
>
> Yes, but if a task t1 is in namespace ns2 which is a child of namespace ns1,
> and it accesses a file which ns1's policy says must be measured, then will
> ns1's required measurement happen (and be appended to the ns1 measurement
> list), whether or not ns2's policy requires it?

Yes, as the file needs to be measured only in the ns1 policy, the
measurement would exist in the ns1 measurement list, but not in the
ns2 measurement list.  The pseudo code snippet below might help.

do {
   .
   .

   /* calculate file hash based on xattr algorithm */
   collect_measurement()

   /* recursively added to each namespace based on policy */
   ima_store_measurement()

   /* Based on the specific namespace policy and keys. */
   if (!once) {
       once = 1;
       result = ima_appraise_measurement()
   }

   ima_audit_measurement()

} while ((ns = ns->parent));

return result;

Mimi
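
The namespace walk discussed in this message, as an added user-space C model that is not part of the original mail and is not kernel code: each namespace stores a measurement only if its own policy asks for it, while appraisal is decided once, in the task's own namespace. The names `ns_model`, `process_access` and `demo`, the prefix-match policy, the `sig_ok` flag and the sample paths are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical user-space model of an IMA namespace; not the kernel's struct ima_ns. */
struct ns_model {
    struct ns_model *parent;      /* NULL for the native (root) namespace */
    const char *measure_prefix;   /* toy policy: measure paths with this prefix */
    int appraise;                 /* toy policy: appraise in this namespace? */
    const char *log[8];           /* per-namespace measurement list */
    int nlog;
};

static int policy_measures(const struct ns_model *ns, const char *path)
{
    return strncmp(path, ns->measure_prefix, strlen(ns->measure_prefix)) == 0;
}

/* Walk from the task's namespace up to native; returns the appraisal result (0 = allowed). */
int process_access(struct ns_model *ns, const char *path, int sig_ok)
{
    int once = 0, result = 0;
    do {
        if (policy_measures(ns, path) && ns->nlog < 8)
            ns->log[ns->nlog++] = path;   /* stored in this namespace's list only */
        if (!once) {                      /* appraisal: innermost namespace only */
            once = 1;
            result = (ns->appraise && !sig_ok) ? -1 : 0;
        }
    } while ((ns = ns->parent));
    return result;
}

/* Constructed scenario from the thread: t1 runs in ns2, a child of ns1. */
int demo(int *native_n, int *ns1_n, int *ns2_n)
{
    struct ns_model native = { NULL, "/", 0, {0}, 0 };
    struct ns_model ns1 = { &native, "/usr/bin/", 0, {0}, 0 };
    struct ns_model ns2 = { &ns1, "/opt/app/", 1, {0}, 0 };
    int r = process_access(&ns2, "/usr/bin/ls", 1);
    *native_n = native.nlog; *ns1_n = ns1.nlog; *ns2_n = ns2.nlog;
    return r;
}

int main(void)
{
    int a, b, c, r = demo(&a, &b, &c);
    printf("result=%d native=%d ns1=%d ns2=%d\n", r, a, b, c);
    return 0;
}
```

In the constructed scenario the access is recorded in the ns1 and native lists but not in ns2's, matching the answer given in the message.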