From: "Mickaël Salaün" <mic@digikod.net>
To: Jan Kara <jack@suse.cz>
Cc: "Tingmao Wang" <m@maowtm.org>,
"Günther Noack" <gnoack@google.com>,
linux-security-module@vger.kernel.org,
"Amir Goldstein" <amir73il@gmail.com>,
"Matthew Bobrowski" <repnop@google.com>,
linux-fsdevel@vger.kernel.org,
"Tycho Andersen" <tycho@tycho.pizza>
Subject: Re: [RFC PATCH 0/9] Landlock supervise: a mechanism for interactive permission requests
Date: Sat, 8 Mar 2025 20:15:18 +0100 [thread overview]
Message-ID: <20250308.Ce9iqu4evooL@digikod.net> (raw)
In-Reply-To: <7hpktxh4s6pho2cgoi6x7ptzimqrgflgbztrmtnamstpuefooj@orahctcwxqxm>
On Thu, Mar 06, 2025 at 10:04:54PM +0100, Jan Kara wrote:
> On Tue 04-03-25 01:12:56, Tingmao Wang wrote:
> > Alternatives
> > ------------
> >
> > I have looked for existing ways to implement the proposed use cases (at
> > least for FS access), and three main approaches stand out to me:
> >
> > 1. Fanotify: there is already FAM_OPEN_PERM which waits for an allow/deny
> > response from a fanotify listener. However, it does not currently have
> > the equivalent _PERM for file creation, deletion, rename and linking, and
> > it is also not designed for unprivileged, process-scoped use (unlike
> > landlock).
>
> As Amir wrote, arbitration of creation / deletion / ... is not a principial
> problem for fanotify and we plan to go in that direction anyway for HSM
> usecase. However adjusting fanotify permission events for a per-process
> scope and for unpriviledged users is a fundamental difference to how
> fanotify is designed to work (it watches filesystem objects, not processes
> and actions they do) and so I don't think that would be a great fit. Also I
> don't see fanotify expanding in the networking area as the concepts are
> rather different there :).
Yes, I agree. We should take inspiration from the fanonify interface
though.
>
> Honza
>
> --
> Jan Kara <jack@suse.com>
> SUSE Labs, CR
>
prev parent reply other threads:[~2025-03-08 19:15 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-04 1:12 [RFC PATCH 0/9] Landlock supervise: a mechanism for interactive permission requests Tingmao Wang
2025-03-04 1:12 ` [RFC PATCH 1/9] Define the supervisor and event structure Tingmao Wang
2025-03-04 1:12 ` [RFC PATCH 2/9] Refactor per-layer information in rulesets and rules Tingmao Wang
2025-03-04 19:49 ` Mickaël Salaün
2025-03-06 2:58 ` Tingmao Wang
2025-03-08 18:57 ` Mickaël Salaün
2025-03-10 0:38 ` Tingmao Wang
2025-03-04 1:12 ` [RFC PATCH 3/9] Adds a supervisor reference in the per-layer information Tingmao Wang
2025-03-04 1:13 ` [RFC PATCH 4/9] User-space API for creating a supervisor-fd Tingmao Wang
2025-03-05 16:09 ` Mickaël Salaün
2025-03-10 0:41 ` Tingmao Wang
2025-03-11 19:28 ` Mickaël Salaün
2025-03-26 0:06 ` Tingmao Wang
2025-04-11 10:55 ` Mickaël Salaün
2025-03-04 1:13 ` [RFC PATCH 5/9] Define user structure for events and responses Tingmao Wang
2025-03-04 19:49 ` Mickaël Salaün
2025-03-06 3:05 ` Tingmao Wang
2025-03-08 19:07 ` Mickaël Salaün
2025-03-10 0:39 ` Tingmao Wang
2025-03-11 19:29 ` Mickaël Salaün
2025-03-10 0:39 ` Tingmao Wang
2025-03-11 19:28 ` Mickaël Salaün
2025-03-11 23:18 ` Tingmao Wang
2025-03-12 11:49 ` Mickaël Salaün
2025-03-26 0:02 ` Tingmao Wang
2025-03-04 1:13 ` [RFC PATCH 6/9] Creating supervisor events for filesystem operations Tingmao Wang
2025-03-04 19:50 ` Mickaël Salaün
2025-03-10 0:39 ` Tingmao Wang
2025-03-11 19:29 ` Mickaël Salaün
2025-03-04 1:13 ` [RFC PATCH 7/9] Implement fdinfo for ruleset and supervisor fd Tingmao Wang
2025-03-04 1:13 ` [RFC PATCH 8/9] Implement fops for supervisor-fd Tingmao Wang
2025-03-04 1:13 ` [RFC PATCH 9/9] Enhance the sandboxer example to support landlock-supervise Tingmao Wang
2025-03-04 19:48 ` [RFC PATCH 0/9] Landlock supervise: a mechanism for interactive permission requests Mickaël Salaün
2025-03-06 2:57 ` Tingmao Wang
2025-03-06 17:07 ` Amir Goldstein
2025-03-08 19:14 ` Mickaël Salaün
2025-03-11 0:42 ` Tingmao Wang
2025-03-11 19:28 ` Mickaël Salaün
2025-03-11 20:58 ` Song Liu
2025-03-11 22:03 ` Tingmao Wang
2025-03-11 23:23 ` Song Liu
2025-03-12 11:50 ` Mickaël Salaün
2025-03-12 10:58 ` Jan Kara
2025-03-12 12:26 ` Amir Goldstein
2025-03-08 18:57 ` Mickaël Salaün
2025-03-06 21:04 ` Jan Kara
2025-03-08 19:15 ` Mickaël Salaün [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250308.Ce9iqu4evooL@digikod.net \
--to=mic@digikod.net \
--cc=amir73il@gmail.com \
--cc=gnoack@google.com \
--cc=jack@suse.cz \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=m@maowtm.org \
--cc=repnop@google.com \
--cc=tycho@tycho.pizza \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).