From: James Bottomley
Subject: Re: [RFC PATCH v2 1/3] ima: extend clone() with IMA namespace support
Date: Thu, 15 Mar 2018 10:33:12 -0700
Message-ID: <1521135192.5348.64.camel@HansenPartnership.com>
References: <20180309201421.6150-1-stefanb@linux.vnet.ibm.com> <20180309201421.6150-2-stefanb@linux.vnet.ibm.com> <87vadxfwqj.fsf@xmission.com>
To: Stefan Berger, "Eric W. Biederman"
Cc: mkayaalp-4hyTIkVWTs8LubxHQvXPfYdd74u8MsAO@public.gmane.org, Mehmet Kayaalp, sunyuqiong1988-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org, containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org, linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, david.safford-JJi787mZWgc@public.gmane.org, linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-ima-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org, linux-integrity-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Yuqiong Sun, zohar-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org
List-Id: containers.vger.kernel.org

On Thu, 2018-03-15 at 11:26 -0400, Stefan Berger wrote:
> On 03/15/2018 06:40 AM, Eric W. Biederman wrote:
> >
> > Stefan Berger <stefanb@linux.vnet.ibm.com> writes:
> >
> > >
> > > From: Yuqiong Sun <suny@us.ibm.com>
> > >
> > > Add new CONFIG_IMA_NS config option.  Let clone() create a new
> > > IMA namespace upon CLONE_NEWNS flag. Add ima_ns data structure in
> > > nsproxy.  ima_ns is allocated and freed upon IMA namespace
> > > creation and exit.  Currently, the ima_ns contains no useful IMA
> > > data but only a dummy interface. This patch creates the framework
> > > for namespacing the different aspects of IMA (eg. IMA-audit,
> > > IMA-measurement, IMA-appraisal).
> >
> > IMA is not path based.  The only thing that belongs to a mount
> > namespace are paths.  Therefore IMA is completely inappropriate to
> > be joint with a mount namespace.

Just to be clear: The mount namespace is not only about paths it's also
about subtree properties.  However, the point still stands that IMA has
a dependency on neither.

> IMA measures the files described by these paths. The files also may
> hold signatures (security.ima xattr) needed for IMA appraisal.

The xattr is an inode property, which isn't namespaced by the mount_ns.

When we had this discussion last year, we talked about possibly using
the user_ns instead.  It makes sense because for IMA signatures you're
going to need some type of keyring namespace and there's already one
hanging off the user_ns:

commit f36f8c75ae2e7d4da34f4c908cebdb4aa42c977e
Author: David Howells <dhowells@redhat.com>
Date:   Tue Sep 24 10:35:19 2013 +0100

    KEYS: Add per-user_namespace registers for persistent per-UID kerberos caches

> > I saw that Serge even recently mentioned that you need to take
> > this aspect of the changes back to the drawing board.  With my
> > namespace maintainer hat on I repeat that.
>
> Drawing board is here now (tuning on the text...):
>
> http://kernsec.org/wiki/index.php/IMA_Namespacing_design_considerations

You mention an abuse case here which is basically a way of relaxing
security policy.  Cannot we fix that by making policy hierarchical, so
a child namespace must have the same or a more strict policy than the
parent?

> > From a 10,000 foot view I can already tell that this is hopeless.
> > So for binding IMA namspaces and CLONE_NEWNS:
> >
> > Nacked-by: "Eric W. Biederman" <ebiederm@xmission.com>
> >
> > I am not nacking IMA namespacing just inappropriately tying ima
> > namespaces to mount namespaces.  These should be completely
> > separate entities.
>
> Let's say we go down the road of spawning it independently. Can we
> use the unused clone flag 0x1000? Or should we come up with new
> unshare2()/clone2() syscalls to extend the clone bits to 64 bit? Or
> use a sysfs/securityfs file to spawn a new IMA namespace? Make this a
> generic file not an IMA specific one?

If, as a result of discussions, it turns out that a separate namespace
is the correct way to proceed, I'm sure we can sort out the details of
how we cope with the flag paucity problem.

James