linux-api.vger.kernel.org archive mirror
From: Lukasz Pawelczyk <l.pawelczyk-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>
To: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Cc: Vladimir Davydov
	<vdavydov-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>,
	Miklos Szeredi <mszeredi-AlSwsSmVLrQ@public.gmane.org>,
	Lukasz Pawelczyk <havner-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
	Oleg Nesterov <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
	David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
	Mark Rustad
	<mark.d.rustad-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
	Juri Lelli <juri.lelli-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
	Richard Weinberger <richard-/L3Ra7n9ekc@public.gmane.org>,
	Daeseok Youn
	<daeseok.youn-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
	Ingo Molnar <mingo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
	Jeff Kirsher
	<jeffrey.t.kirsher-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
	David Rientjes <rientjes-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
	Alex Thorlton <athorlton-sJ/iWh9BUns@public.gmane.org>,
	Matthew Dempsky
	<mdempsky-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>,
	Kees Cook <keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>,
	Nikolay Aleksandrov
	<nikolay-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
	Dario Faggioli <raistlin-k2GhghHVRtY@public.gmane.org>,
	Al Viro <viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org>,
	James Morris
	<james.l.morris-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>,
	"open list:ABI/API"
	<linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
	Linux Containers
	<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>,
	LKML <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
	Paul Moore <pmoore@redha>
Subject: Re: [RFC] lsm: namespace hooks
Date: Tue, 02 Dec 2014 13:43:13 +0100
Message-ID: <1417524193.1899.2.camel@samsung.com>
In-Reply-To: <1417109911.1805.27.camel-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>

On Thu, 2014-11-27 at 18:38 +0100, Lukasz Pawelczyk wrote:
> Right now the major issue I see is that LSM by itself is not defined how
> it's going to behave. It's up to a specific LSM module.
> 
> E.g. within the Smack namespace filling the map is a privileged
> operation. So by tying them up you cripple the ability to create a fully
> working user namespace as an unprivileged process.

Entertaining the idea that LSM namespace would be tied to user namespace
(as you suggested), how do you see the limitation I described above?


-- 
Lukasz Pawelczyk
Samsung R&D Institute Poland
Samsung Electronics
