From mboxrd@z Thu Jan  1 00:00:00 1970
From: David Herrmann <dh.herrmann@gmail.com>
Subject: Re: [PATCH 0/6] File Sealing & memfd_create()
Date: Thu, 20 Mar 2014 16:12:54 +0100
Message-ID: <CANq1E4Ro8bsgp1QS_Qf9KKBAMZH+joMW5DmfyZ4OBJuTxdXCZA@mail.gmail.com>
References: <1395256011-2423-1-git-send-email-dh.herrmann@gmail.com>
 <CA+55aFyNORiS2XidhWoDBVyO6foZuPJTg_BOP3aLtvVhY1R6mw@mail.gmail.com>
 <CANq1E4TuiU6_J=N0WoPav=0AxOJ9G1w+FGvO15kmGP76i+-caw@mail.gmail.com>
 <20140320144127.1d411f26@alan.etchedpixels.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Cc: linux-mm <linux-mm@kvack.org>, Ryan Lortie <desrt@desrt.ca>,
 Kay Sievers <kay@vrfy.org>, Johannes Weiner <hannes@cmpxchg.org>,
 Hugh Dickins <hughd@google.com>,
 Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
 DRI <dri-devel@lists.freedesktop.org>, Daniel Mack <zonque@gmail.com>,
 linux-fsdevel <linux-fsdevel@vger.kernel.org>,
 Karol Lewandowski <k.lewandowsk@samsung.com>,
 Lennart Poettering <lennart@poettering.net>,
 Greg Kroah-Hartman <greg@kroah.com>, Tejun Heo <tj@kernel.org>,
 "Michael Kerrisk \(man-pages\)" <mtk.manpages@gmail.com>,
 Andrew Morton <akpm@linux-foundation.org>,
 Linus Torvalds <torvalds@linux-foundation.org>,
 Alexander Viro <viro@zeniv.linux.org.uk>
To: One Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk>
Return-path: <dri-devel-bounces@lists.freedesktop.org>
In-Reply-To: <20140320144127.1d411f26@alan.etchedpixels.co.uk>
List-Unsubscribe: <http://lists.freedesktop.org/mailman/options/dri-devel>,
 <mailto:dri-devel-request@lists.freedesktop.org?subject=unsubscribe>
List-Archive: <http://lists.freedesktop.org/archives/dri-devel>
List-Post: <mailto:dri-devel@lists.freedesktop.org>
List-Help: <mailto:dri-devel-request@lists.freedesktop.org?subject=help>
List-Subscribe: <http://lists.freedesktop.org/mailman/listinfo/dri-devel>,
 <mailto:dri-devel-request@lists.freedesktop.org?subject=subscribe>
Errors-To: dri-devel-bounces@lists.freedesktop.org
Sender: "dri-devel" <dri-devel-bounces@lists.freedesktop.org>
List-Id: linux-fsdevel.vger.kernel.org

Hi

On Thu, Mar 20, 2014 at 3:41 PM, One Thousand Gnomes
<gnomes@lxorguk.ukuu.org.uk> wrote:
> I think you want two things at minimum
>
> owner to seal
> root can always override

Why should root be allowed to override?

> I would query the name too. Right now your assumption is 'shmem only' but
> that might change with other future use cases or types (eg some driver
> file handles) so SHMEM_ in the fcntl might become misleading.

I'm fine with F_SET/GET_SEALS. But given you suggested requiring
MFD_ALLOW_SEALS for sealing, I don't see why we couldn't limit this
interface entirely to memfd_create().

> Whether you want some way to undo a seal without an exclusive reference as
> the file owner is another question.

No. You are never allowed to undo a seal but with an exclusive
reference. This interface was created for situations _without_ any
trust relationship. So if the owner is allowed to undo seals, the
interface doesn't make any sense. The only options I see is to not
allow un-sealing at all (which I'm fine with) or tracking users (which
is way too much overhead).

Thanks
David