From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <kernel-hardening-return-11084-gregkh=linuxfoundation.org@lists.openwall.com>
X-Google-Smtp-Source: ACJfBovOvURpk6+yEUoroMMGYP8tJAD99DFd54U8hjR2w9jgnl87CYbgPBMFnCxJecXiHX8gmVC4
ARC-Seal: i=1; a=rsa-sha256; t=1515371791; cv=none;
        d=google.com; s=arc-20160816;
        b=bARNiPUSdcQ0IbWG8XO+qchBqPu9UV3MRZzXxW3Xu+3nzlAyqdZ2Ic5i1dYA9il8Dr
         JPbTri1ZxaYaF4DyRhRSgQyach8of9Ffi1P1tKysav9FoOt4SnMgzKZUBksiHpGBz/H/
         OYGi2Ts7x7fsmsJJYzluixdhLElg6YwRQrkTbIWBQMra9ZoDSSda1mr6sQ8rWzFou8iu
         vahns7K4NvQ5l6SrD1p61P2KMsIfmdUVOEMcPscAJtTmjthWjisYhk7sBHKdPPvTa5A5
         BTJ/TH6ccbP8D06X13InhJDdS1nh0VgOSPQZrHxM6KO6QtCh3HsaIMW3A7I4vxzpt6vQ
         VXAA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=subject:mime-version:user-agent:references:message-id:in-reply-to
         :cc:to:from:date:dkim-signature:delivered-to:list-id:list-subscribe
         :list-unsubscribe:list-help:list-post:precedence:mailing-list
         :arc-authentication-results;
        bh=lTzXLnXilJWim3hcVIBKxwcIcczaqXGsMoOITAgNEz8=;
        b=s3DYJPDSieX3QY8H4QWc3E7Y+vVzloLCBMbyPwvlCtRnTd6WUrMPTeyrAFmQIth4CU
         1lrWAWxvc8nSq6eMXfcGcY/2kC/zZOnmJfik4i6fFzV7EkCgB2HRUQt6bwrEmf1lFM9B
         PHNoW9MgDNbHtA07n7y8QKYPaaFawr6N14aNg+fuQSSsVbRGj01Fu7+deP16BqZoIhhz
         rkDHzdIbLOysgXDesrbV0QeuaN+S5HC5sep8a6fmoGgS4NtE+/6XyHIQrEKa7Es7goQc
         t9Fn5A6PV1dSHqCg686M827m5K8vH8mnJtkhK7/PRBA23EemVJXdkx0ZDHksDx/7Y7wu
         Q7kw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@oracle.com header.s=corp-2017-10-26 header.b=Eg4GXan5;
       spf=pass (google.com: domain of kernel-hardening-return-11084-gregkh=linuxfoundation.org@lists.openwall.com designates 195.42.179.200 as permitted sender) smtp.mailfrom=kernel-hardening-return-11084-gregkh=linuxfoundation.org@lists.openwall.com;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=oracle.com
Authentication-Results: mx.google.com;
       dkim=fail header.i=@oracle.com header.s=corp-2017-10-26 header.b=Eg4GXan5;
       spf=pass (google.com: domain of kernel-hardening-return-11084-gregkh=linuxfoundation.org@lists.openwall.com designates 195.42.179.200 as permitted sender) smtp.mailfrom=kernel-hardening-return-11084-gregkh=linuxfoundation.org@lists.openwall.com;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=oracle.com
Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm
List-Post: <mailto:kernel-hardening@lists.openwall.com>
List-Help: <mailto:kernel-hardening-help@lists.openwall.com>
List-Unsubscribe: <mailto:kernel-hardening-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:kernel-hardening-subscribe@lists.openwall.com>
Date: Mon, 8 Jan 2018 11:35:26 +1100 (AEDT)
From: James Morris <james.l.morris@oracle.com>
X-X-Sender: james.l.morris@localhost
To: =?UTF-8?Q?Mahesh_Bandewar_=28=E0=A4=AE=E0=A4=B9=E0=A5=87=E0=A4=B6_=E0=A4=AC=E0=A4=82=E0=A4=A1=E0=A5=87=E0=A4=B5=E0=A4=BE=E0=A4=B0=29?= <maheshb@google.com>
cc: LKML <linux-kernel@vger.kernel.org>, Netdev <netdev@vger.kernel.org>,
        Kernel-hardening <kernel-hardening@lists.openwall.com>,
        Linux API <linux-api@vger.kernel.org>,
        Kees Cook <keescook@chromium.org>, Serge Hallyn <serge@hallyn.com>,
        "Eric W . Biederman" <ebiederm@xmission.com>,
        Eric Dumazet <edumazet@google.com>, David Miller <davem@davemloft.net>,
        Mahesh Bandewar <mahesh@bandewar.net>
In-Reply-To: <CAF2d9jiPYvMN=_guoZHyTA5FmMgaJb5mtxroi5D9NvcNrHc5gg@mail.gmail.com>
Message-ID: <alpine.LFD.2.20.1801081131190.8436@localhost>
References: <20171205223052.12687-1-mahesh@bandewar.net> <CAF2d9jit74_VCdD-pEFy3bJo2W1-0cDo0BOJC5beJiy8yFPCWg@mail.gmail.com> <alpine.LFD.2.20.1712301931360.24310@localhost> <CAF2d9jiPYvMN=_guoZHyTA5FmMgaJb5mtxroi5D9NvcNrHc5gg@mail.gmail.com>
User-Agent: Alpine 2.20 (LFD 67 2015-01-07)
MIME-Version: 1.0
Content-Type: multipart/mixed; BOUNDARY="8323328-1193620534-1515371754=:8436"
X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=8767 signatures=668652
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0
 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=833
 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.0.1-1711220000 definitions=main-1801080005
Subject: [kernel-hardening] Re: [PATCHv3 0/2] capability controlled user-namespaces
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: =?utf-8?q?1585984920411073844?=
X-GMAIL-MSGID: =?utf-8?q?1588982491041265539?=
X-Mailing-List: linux-kernel@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>

--8323328-1193620534-1515371754=:8436
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: QUOTED-PRINTABLE

On Tue, 2 Jan 2018, Mahesh Bandewar (=E0=A4=AE=E0=A4=B9=E0=A5=87=E0=A4=B6 =
=E0=A4=AC=E0=A4=82=E0=A4=A1=E0=A5=87=E0=A4=B5=E0=A4=BE=E0=A4=B0) wrote:

> On Sat, Dec 30, 2017 at 12:31 AM, James Morris
> <james.l.morris@oracle.com> wrote:
> > On Wed, 27 Dec 2017, Mahesh Bandewar (=E0=A4=AE=E0=A4=B9=E0=A5=87=E0=A4=
=B6 =E0=A4=AC=E0=A4=82=E0=A4=A1=E0=A5=87=E0=A4=B5=E0=A4=BE=E0=A4=B0) wrote:
> >
> >> Hello James,
> >>
> >> Seems like I missed your name to be added into the review of this
> >> patch series. Would you be willing be pull this into the security
> >> tree? Serge Hallyn has already ACKed it.
> >
> > Sure!
> >
> Thank you James.

I'd like to see what Eric Biederman thinks of this.

Also, why do we need the concept of a controlled user-ns at all, if the=20
default whitelist maintains existing behavior?


--=20
James Morris
<james.l.morris@oracle.com>

--8323328-1193620534-1515371754=:8436--