[RESEND,RFC,v2,08/14] device_cgroup: Hide devcgroup functionality completely in lsm
| Message ID | 20231025094224.72858-9-michael.weiss@aisec.fraunhofer.de |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:ce89:0:b0:403:3b70:6f57 with SMTP id p9csp2479368vqx;
Wed, 25 Oct 2023 02:45:01 -0700 (PDT)
X-Google-Smtp-Source:
AGHT+IFrQcp5Qs8dmyOPpfQtQlvJfnxxFocyqOdJRPePlShfDfBtqKYmjGjnKG2mJupNN1Nu4J5v
X-Received: by 2002:a05:620a:280b:b0:76d:bda0:e48e with SMTP id
f11-20020a05620a280b00b0076dbda0e48emr16917369qkp.46.1698227101665;
Wed, 25 Oct 2023 02:45:01 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1698227101; cv=pass;
d=google.com; s=arc-20160816;
b=u/clx9Zj8I8+bM+zn8A3rulAsS3VSHRozl75e1rAlZ9KW+y5KaD/TqS89sh/6E30Vm
Sq9Cra7o0MelefHKukBkkNaeerYiWw5c+GAhWSTtmBTBf9dpHp+d80chGBToCxWqC3UL
XrfcYtGyHw4UCR27aZ1tUfw3AY7VAOCPTEl4DsltqhCrY0m7+DfhE+SAxF7+J6CExeTl
KdFR7hNKzzH7YJI7b50qAJQgrTTXaFGbijX7zyQBdNLj4CsTIoMAfiEsPEO5B+BVjvAo
SONZ7d44VUy4mfOXlzFfzaLpojpwIU/2EdF8lrOkHwFEeovz5CDb6lYnRINup7bR989k
vOGQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:mime-version:content-transfer-encoding
:references:in-reply-to:message-id:date:subject:cc:to:from
:dkim-signature:ironport-hdrordr:ironport-data:ironport-phdr
:ironport-sdr:ironport-phdr:dkim-signature;
bh=Zwg/Y0GePJgGtxfcuoj4iZKlnQIH9Xb1Bi5dMRcfvw4=;
fh=U9u/esc0XBb8N/pVu7kudxJPwEQ0AyrThcmR2LpYyxQ=;
b=R5IMsSU6JRuXATJ6B2K3DNqgrs1hlZyCEevmywCrlSybo8qEUuisUJov+2elNPkq73
EAKhkXfvs//umz2Rc6ROalRAMIifcxfXugdh2GRNP0QvhE1qGojODsyFe6hlyQ82T21u
okhXAJ/oxIs2eWxyQmQSV7h4g/D4EEEgUzVitR6zKObygkBHVD9ccDvwnYtdbnwWtUJs
nJS5upS84e9Y6x6qvJv535F0ATvX1bsmFWkV+amX43dBHMsIsDnq3iSyazplX6IP7rdD
gK8tKaiRaeDIYVp8sexjBdB22i6a4pQA6B6NR6+aFc9Z7mRzqYTdRENcu+Cz+PSoZ8C3
1twA==
ARC-Authentication-Results: i=2; mx.google.com;
dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1
header.b=hgqRT+mw;
dkim=pass header.i=@fraunhofer.onmicrosoft.com
header.s=selector2-fraunhofer-onmicrosoft-com header.b=jefJQZW6;
arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass
dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de);
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::3:8 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de
Received: from fry.vger.email (fry.vger.email. [2620:137:e000::3:8])
by mx.google.com with ESMTPS id
w62-20020a25c741000000b00d9adea86ff6si9648962ybe.97.2023.10.25.02.45.01
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 25 Oct 2023 02:45:01 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::3:8 as permitted sender)
client-ip=2620:137:e000::3:8;
Authentication-Results: mx.google.com;
dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1
header.b=hgqRT+mw;
dkim=pass header.i=@fraunhofer.onmicrosoft.com
header.s=selector2-fraunhofer-onmicrosoft-com header.b=jefJQZW6;
arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass
dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de);
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::3:8 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
by fry.vger.email (Postfix) with ESMTP id EF0C880FC1AD;
Wed, 25 Oct 2023 02:44:57 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at fry.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S234694AbjJYJop (ORCPT <rfc822;aposhian.dev@gmail.com>
+ 26 others); Wed, 25 Oct 2023 05:44:45 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39118 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S234676AbjJYJoO (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Wed, 25 Oct 2023 05:44:14 -0400
Received: from mail-edgeka27.fraunhofer.de (mail-edgeka27.fraunhofer.de
[IPv6:2a03:db80:4420:b000::25:27])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C61EC9D;
Wed, 25 Oct 2023 02:44:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
d=aisec.fraunhofer.de; i=@aisec.fraunhofer.de;
q=dns/txt; s=emailbd1; t=1698227052; x=1729763052;
h=from:to:cc:subject:date:message-id:in-reply-to:
references:content-transfer-encoding:mime-version;
bh=oxWDGcnVMwXFlfg3W7IKT59Jzi+dyHx6V1yuIAZISXo=;
b=hgqRT+mwQhxyaA+qw67e5IGLuRJAtdBXd5i4aItZYcgHCd+2g2gPu3e5
Z6rNtYA+5jxP39y9WoJ50S4cAXPOSNrAWt7PQAA5skoDGr9q2Ihe3eq2a
kViIccFitbxFzStCZnByI2fB4c+uGmllltzO7t8obFM34inAC8OptSb4l
1B+9nKwyAheCGfoKzMzxTHYjZ5bLElkFLJj8zEZTS5vhqYw7vcfo6TBrA
dsEPdimLjZjZdx5MQtYmv4XHLbI9MRS1AzxDFcapIAINbztx87yPZzpCY
I3BGoJv0u/s2sljlQR+X/BuSDNBScjN06CldltTAGoyOsGEc/rprnBbM/
w==;
X-CSE-ConnectionGUID: WZHM/xG6QeWg+jJ8GvC5uw==
X-CSE-MsgGUID: eDYbp71HQcCRAwDxhgYgxA==
Authentication-Results: mail-edgeka27.fraunhofer.de;
dkim=pass (signature verified) header.i=@fraunhofer.onmicrosoft.com
X-IPAS-Result:
A2E2AABB4jhl/xoBYJlaHQEBAQEJARIBBQUBQIE7CAELAYI4gleEU4gdpWsqgSwUgREDVg8BAQEBAQEBAQEHAQFEBAEBAwSEdQoChxonNAkOAQIBAwEBAQEDAgMBAQEBAQEBAgEBBgEBAQEBAQYGAoEZhS85DYQAgR4BAQEBAQEBAQEBAQEdAjVUAgEDIw8BDQEBNwEPJQImAgIyJQYBDQWCfoIrAzGyGIEygQGCCQEBBrAfGIEggR4JCQGBEC4Bg1uELgGENIEdhDWCT4FKgQaBPm+EKS+DRoJog3WFPAcygiKDLymLfoEBR1oWGwMHA1kqECsHBC0iBgkWLSUGUQQXFiQJExI+BIFngVEKgQM/Dw4RgkIiAgc2NhlLglsJFQw1BDUUdhAqBBQXgRFuBRoVHjcREhcNAwh2HQIRIzwDBQMENAoVDQshBVcDRAZKCwMCGgUDAwSBNgUNHgIQLScDAxlNAhAUAzsDAwYDCzEDMFdHDFkDbB8aHAk8DwwfAhseDTIDCQMHBSwdQAMLGA1IESw1Bg4bRAFzB51Ngm2BD4JXHpYQAa55B4IxgV6hCRozlyuSTy6YDiCiPoVKAgQCBAUCDgiBY4IWMz5PgmdSGQ+OIDiDQI97dAI5AgcBCgEBAwmCOYkSAQE
IronPort-PHdr: A9a23:uecSFBdbpU/jXvmQ7rrk1DJFlGM+49/LVj580XJao6wbK/fr9sH4J
0Wa/vVk1gKXDs3QvuhJj+PGvqynQ2EE6IaMvCNnEtRAAhEfgNgQnwsuDdTDDkv+LfXwaDc9E
tgEX1hgrDmgZFNYHMv1e1rI+Di89zcPHBX4OwdvY+PzH4/ZlcOs0O6uvpbUZlYt5nK9NJ1oK
xDkgQzNu5stnIFgJ60tmD7EuWBBdOkT5E86DlWVgxv6+oKM7YZuoQFxnt9kycNaSqT9efYIC
JljSRk2OGA84sLm8CLOSweC/FIweWUbmRkbZmqN5hGvbIj+9RqimedF+ia1Id34Rq0zW2ij3
YRvTibJqHY3PWcT8Tzbr/Z7grxE/Efywn43ydvWbY+3DchBILjAcvczQltcePRdRQUcA7GdV
ocENvceEssI98re+mot9EPmD1WLHOi+6WJkg27kz/0K2OV6DSXsgTYhO/YXsUj0tN/VbIcUV
+uelqTK4BaAbtJHwRDS0tXJakgNsdzdYptUKteM11kRSh+dkHOVmJLXbjOZ+fYdmW+lvro4b
P6UonMekjNjiAqo6egW27PMuZgx51TvrCFV3IosfP+JUGcqYsXxQ9NA8iCAMI1uRdk+Bntlo
zs+1ugesIWgL0Diqbwizh/bLvGLfIWL60i8EuiLKCp+hHVrdaj5ixvhuUSjy+ipTsCvyx4Kt
StKlNDQq2oAnwLe8MmJS/Zxvw+h1D+D2hqV67RsL1o9iKzbLJAs2Pg3kJ8Sul7EBSj4hAP9i
6r+Sw==
X-Talos-CUID:
9a23:bJKUxGt+N9rr676lHSnkJBbq6IsaQF34i2f/fXa1NmkqSp/FZkG7pb57xp8=
X-Talos-MUID: 9a23:n06HvwRO/ILW5gDsRXThqABoLJgxw52lI3okjrkWu8a1OjxZbmI=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="6.03,250,1694728800";
d="scan'208";a="1597276"
Received: from mail-mtaka26.fraunhofer.de ([153.96.1.26])
by mail-edgeka27.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
25 Oct 2023 11:43:08 +0200
IronPort-SDR: 6538e32b_8LqzoNYC0Pmo74MEZcaqQl9pyx4ENdrFiwt7t/1q/dtkCxh
jl8UKPABgPl54arDzuUoGNz11WXyKfz5eZG+y3g==
X-IPAS-Result:
A0BZAABB4jhl/3+zYZlaHQEBAQEJARIBBQUBQAkcgRYIAQsBgWZSB4FLgQWEUoNNAQGETl+GQYJcAZwYgSwUgREDVg8BAwEBAQEBBwEBRAQBAYR8CgKHFwInNAkOAQIBAQIBAQEBAwIDAQEBAQEBAwEBBQEBAQIBAQYEgQoThWgNhk0CAQMSEQ8BDQEBFCMBDyUCJgICMgceBgENBSKCXIIrAzECAQGlLwGBQAKLIoEygQGCCQEBBgQEsBcYgSCBHgkJAYEQLgGDW4QuAYQ0gR2ENYJPgUqBBoE+b4Qpg3WCaIN1hTwHMoIigy8pi36BAUdaFhsDBwNZKhArBwQtIgYJFi0lBlEEFxYkCRMSPgSBZ4FRCoEDPw8OEYJCIgIHNjYZS4JbCRUMNQQ1FHYQKgQUF4ERbgUaFR43ERIXDQMIdh0CESM8AwUDBDQKFQ0LIQVXA0QGSgsDAhoFAwMEgTYFDR4CEC0nAwMZTQIQFAM7AwMGAwsxAzBXRwxZA2wfFgQcCTwPDB8CGx4NMgMJAwcFLB1AAwsYDUgRLDUGDhtEAXMHnU2CbYEPglcelhABrnkHgjGBXqEJGjOXK5JPLpgOIKI+hUoCBAIEBQIOAQEGgWM8gVkzPk+CZ08DGQ+OIDiDQI97QTMCOQIHAQoBAQMJgjmJEQEB
IronPort-PHdr: A9a23:X5LsFxNxlPUN3uk3KMEl6nZKDBdPi9zP1nM99M9+2PpHJ7649tH5P
EWFuKs+xFScR4jf4uJJh63MvqTpSWEMsvPj+HxXfoZFShkFjssbhUonBsuEAlf8N/nkc2oxG
8ERHEQw5Hy/PENJH9ykIlPIq2C07TkcFw+6MgxwJ+/vHZXVgdjy3Oe3qPixKwUdqiC6ZOFeJ
Qm7/z7MvMsbipcwD6sq0RLGrz5pV7Z9wmV0KFSP2irt/sri2b9G3mFutug69slGA5W/Wp99Y
KxTDD0gPG1w38DtuRTZZCek5nYXUTZz8FJCA1338x69b8/evxPYucVhyCeRIMr0EbEGejCk1
oZLGS/i0Q0GajIcymrZlNMs2fE+wlqr8h5yzaztUr7LL+dxWoraTM48d2ZTd5tQZQ14DoiFc
pQgIrpZfsUFnqqk/wME8TymDliPWc/q2y1a1k/93PYm9858KwDi+BUhI/IWulSMjNPzP4xIX
OKY7+rJ7CTbSNxshDblsKTYX0EeiNXXQO9uYfSM1RExMQb0kGfBqYDKLSO/0dpc4zCi89FJS
NuWuXwNmQZejQL+/MITkK3kgqlMznzY+Twg4rctDIy7UxsoKc7hEYFXsTmdLZczWM45XmV07
T4z0aZV0XbaVC0DyZBiwgLWSNXdLc6G+Bv+UuaWLzpiwn5oK/qzhBe3pFCp0fa0FtK131BDs
jdfn5HSu2oM2R3e5onPSvZ08kq7nzfa/w7J4/xCIUc6mLCdLJgkw7UqkYEUv1iFFSjz8Hg=
IronPort-Data: A9a23:oHqU6qxWgngo1oaj/yV6t+eywirEfRIJ4+MujC+fZmUNrF6WrkVSz
2FOXW2APqmCZGH0Ko91O9u19kkP6sfRytEyTgFk/1hgHilAwSbn6Xt1DatQ0we6dJCroJdPt
p1GAjX4BJloCCWa/H9BC5C5xVFkz6aEW7HgP+DNPyF1VGdMRTwo4f5Zs7dRbrVA357hWGthh
fuo+5eEYQf/hmYtWo4pw/vrRC1H7KyaVAww4wRWicBj5Df2i3QTBZQDEqC9R1OQrl58R7PSq
07rldlVz0uBl/sfIorNfoXTLiXmdoXv0T2m0RK6bUQCbi9q/UTe2o5jXBYVhNw+Zz+hx7idw
/0V3XC8pJtA0qDkwIwgvxdk/y5WBfdE6pqYAV2DjtGJ0Uqca0ToydhVExRjVWEY0r4f7WBm7
vkEMHYAfhuDweysya+9Su5ii95lIMSD0IE34yw7i2CGS695ENaaGfqiCdxwhF/cguhLHP3eb
scdLyVibQ/bSxROIVocTpwklfquhn7xficepF/9Sa8fvTiPnFIqiOiF3Nz9df7NfOR6xRait
2+auGX1PCsQPuHH8G/Qmp6rrqqV9c/hY6obELCo//hmjUe7w20TARkXXkq95/K+jyaWUchWN
koZ4AItoLI0+UjtScPyNzWxu2KsvRMGXddUVeog52ml0qPJ5y6BD3UACztGb8Yr8sQxQFQC2
laPnt7tLT1ov7CcU3ia5vGSoC/aESETIXUDZAcHQBED7t2lp5s85jrKR8x/EajzitToMTXxx
S2a6iQzmd07lskN2I248ErBjjbqoYLGJiYk5h7/UGjj5QR8DKanYIyur1bS9upJJoufQnGOu
XEFn46V6+VmJZKVjy2LT+UlH7yz4fuBdjrGjjZHBJUv3zuq/HGncMZb5zQWDEdgNcIZfhfmZ
0jcvQ4X75hWVFOoaqtsaqqyBt4swKymEs7qPtjNc9dIfpl3XA6c+z9nYUOWwybml01Eub8+I
5CzY8uqDGhcDaVh0SrwQP0Sl6Iorgg7xGDXQovT1Aaqy7eSZTiVVN8tOV6PdL9i7aesrwDc8
tIZPMyPoz1EXffxbwHX+IoXPFZMJn8+bbj8s8J/aOGOOExlFXsnBvuXxqkuE6RhnqJIhqLL8
2u7V0tw1lXynzvEJB+MZ3Qlb6ngNb57rHQmLWkiJlqlxXUnSZig4b1ZdJYte7Qjsut5wpZJo
+ItIpjbR6UQD22YqnFEN8a7sokkf1KlnwuTOSqibjUlOZJtL+DUxuLZksLU3HBmJgK5r8Ijp
b2n2A7BB50FQgVpFsHNb/yziVi2uBAgdChaBiMk+/ECKRm+w5sgMCHrkP48LucFLBiJlHPQ1
B+bDV1c7aPBqpM8uouBz62VjZabI80nFGpjHk7f8emXMwve9TGd2oNuaruDUg3cc2LWw5+cQ
9tp4cvyC9A5uWpbkpFdFu9rxJ0u5tG0qL59yB9lLUrxbF+qK+1BJF+a0elmq599xr1QklazU
Ueho9NfOau7Pf30NFsrICskceWx+vUGkRbC7fkOARvb5Q0m2JGlQEltLx23pygFF4RMMaQh2
vYHhM4azyedmygaGI+KoQ4M/lvdM0Fadbsss68rJbPCiy0p+wlkWoPdACqn26O/QYxAHWdyK
wDFmZeYoapXw3fDVH8BFXLt++55rrZWsTBoyG4yHXi4quDntNQWgiIIqS8WSz5LxCppy+hwY
2hnF3NkLJW0ogtHupJxYHCOKSpgWjui5U3D+3kYnjb4Tm6pdFD3Ak8TBOKvxH0dokVgJmV13
bfA02v0cyfYTOeo1AsIZENVgfjCT9twyw78pP6aD/m1R5kXXD60rZKtNEwpqgTmC/wfnEfoh
/dn18cuZLzZNRw/mbwaCY6b5IsUWiK7AXFwR9Nh8JxUGmuGSjW52GWNGXuQYeJIHeTBqmWjO
vxtJ+VOdhWw7zmPpTYlHpwxI6d4sfoqxdgacJbpGDI2iKSepT9Xr57gzCjyq2s1SdFIk8xmC
IfuWx+dM26X3114pnTsqZRaB2+GftU0Xg3w8+Sr+uEvFZhYkuVNc1k344SkrUeuLwpr0BKFj
jztP5aM4bRZ9r1tuI/wHoFoJQa+c4rzXdvV1jGDiY1FaNeXPPresw8QlELcAD1XGrksQPVyq
6WGtY/m/UHCvYtuaVvjpbu6K/Br6/mxDc1tCeCmCFlBnCCHZt3g3AtbxUC8Nq5ysY184uuJe
lKGTfWeJPApX+VT/nl3UxRlMg08Dv33Z5jwpCnmoPWrDAMc4DP9L9im1CHIaE9DfXU2Obn7O
B7Fi8iz7/8JqbZ8JQI2KMxnJ7RaI1bTf7QsWPOslDufD0iu2kijvJm7nzUeyDj7MFu2O+ek3
oDkHz/QLA+TvoPMx/Fn671ChAUdVitBsLNhb3Aj9M5ToBHkKmw/dMA2E4gMU7NQmQzMjKDIX
inHNjYeOH+sTAZ/UEvO5fr4VV2iHc0IANDyIwIp826yayubAIChAqNrxhx/4kVZKyfS8+W6F
e4wonHAHAC94pVMd9Yh4vaWheRGxPSD4lkq/Uv7sdL5AjdAILEs+UFiIjFwVn38I5mQrHnIG
Gk7ezkVCgXzA0v8Ct1pdHNpCQkU9mGnhSkhaSCUhs3TocOHxelH0+fyIPz3zqZFVskROboSX
jnicgNhOYxNNqA74sPFY+4UvJI=
IronPort-HdrOrdr: A9a23:VpQ6yqvSp2SKoYIyXEu1mfc17skCf4Mji2hC6mlwRA09TyXGra
+TdaUguSMc1gx9ZJhBo7G90KnpewK5yXcT2/hsAV7CZniahILMFu9fBOTZslvd8kHFh4xgPO
JbAtND4b7LfClHZLjBkXCF+r8bqbHtmsDY5ts2jU0dNz2CA5sQkTuRYTzrdXGeKjM2YKbQQ/
Gnl7V6T1nJQwVUUizlbUN1G9QqwrXw5dHbiFM9dmgaAE7kt0Lc1JfKVzyjmjsOWTJGxrkvtU
LflRbi26mlu/anjjfBym769f1t6ZDc4+oGIPbJptkeKz3qhArtTp9mQae+sDc8p/zqwEo2ke
PLvwwrM61Imjvsl1mO0FbQMjTboXoTAyeI8y7WvZKjm72xeNsCMbsKuWoDGSGppXbI8usMkZ
6j5Fjpxaa/PSmw7BgV2OK4JC2C7nDE2UbKsdRj+0C3ArFuH4O5B7ZvvDITLH5HJlO+1Lwa
X-Talos-CUID:
9a23:rYO3PGpwZiokpX4hEZS3p3zmUfh/cG/4k1f1H3ClE3huEqWqTVW9w7wxxg==
X-Talos-MUID:
9a23:s8+vRw2mSwWOLRugLEVTEq/7jjUj7IbpMWEiysU8qsTYci18BQ2Xhgnve9py
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="6.03,250,1694728800";
d="scan'208";a="68486308"
Received: from 153-97-179-127.vm.c.fraunhofer.de (HELO
smtp.exch.fraunhofer.de) ([153.97.179.127])
by mail-mtaKA26.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
25 Oct 2023 11:43:07 +0200
Received: from XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) by
XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.2.1258.27; Wed, 25 Oct 2023 11:43:06 +0200
Received: from DEU01-BE0-obe.outbound.protection.outlook.com (104.47.7.168) by
XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.2.1258.27 via Frontend Transport; Wed, 25 Oct 2023 11:43:06 +0200
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=gxc6IZKHi3PG8yYtV04uOu/dGg+DwwKj0OmO61lMow8WiaeGU+MyuFrcWelcpn1u7wp8S4vHCNe/DH51cIO71d61jk6lpv6/v/LHm5DnqNCrNl4VwJu3wdT/9SgEzYq+RbQrNZYkXclSR9VDxiAB5SUAmvu1XoYrlIcGB9zT0JPfusVUZ5IsAUSQs8K9+vns3l1XDw/mqo+12/Es6y7U9a9vD9hzoHlyNzMD65H1EY5UJn4QZsEKc0TrSkqhI0AhmSqfEKBZkrKVOd3TrR65MW6/oO54HiOu6e3z/q4byePQsxsMzEKUgivdU4EsI/k8pjrk8VEcvcPd+XJep5w0Zg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=Zwg/Y0GePJgGtxfcuoj4iZKlnQIH9Xb1Bi5dMRcfvw4=;
b=Oelfl45kD/cELO3Si57nGwi3mO3SMqqz48rK3vuBz5U66dqoJmQBwK8rBJAQAj1GayvULbfRthnT+vCIm6EUZ/XxgoPWd5S0YB13l1sGv+wqvrYUYJirYgMHGdV4YhHjeW6VjtkFYanT9w8AoLfLRV/Ttj/sqL1jnk9Sy/TuXIBQ5x6ULUYTMDCJCasyMLF+QwnpbT+duAlZQ2rs6je38v9dabaSuO81UEdEbT9uESoQdiC+kAmvzEUUsXPg92Gc/5nKBIOe9xEnKKTvLvMaNOTWCUDmrH+abPvF6UKuGgVO4sl4jo6l9TeR2XU6wYoG6pPNaTE6wD2rSCkp6VSHuw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=aisec.fraunhofer.de; dmarc=pass action=none
header.from=aisec.fraunhofer.de; dkim=pass header.d=aisec.fraunhofer.de;
arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=fraunhofer.onmicrosoft.com; s=selector2-fraunhofer-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=Zwg/Y0GePJgGtxfcuoj4iZKlnQIH9Xb1Bi5dMRcfvw4=;
b=jefJQZW6sugLAoYuNZdzA5iZIQdcQuwGE80+K5YK100b4Opc9K5Dmyzz8Xci3tLB5RiLLqiTHpbH0HnncC2ejEK+iIypOGR5ip0DxE9WAL3u5vxV5t0vNmYvZ9hdGzxBoV980QtSAuQQZzBZoGGR9RmWrLElC1lDtdq1JYpA9ks=
Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:50::14)
by BE0P281MB0116.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:f::13) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.19; Wed, 25 Oct
2023 09:43:00 +0000
Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM
([fe80::7330:78f8:1bf2:2f4d]) by BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM
([fe80::7330:78f8:1bf2:2f4d%5]) with mapi id 15.20.6933.019; Wed, 25 Oct 2023
09:43:00 +0000
From: =?utf-8?q?Michael_Wei=C3=9F?= <michael.weiss@aisec.fraunhofer.de>
To: Alexander Mikhalitsyn <alexander@mihalicyn.com>,
Christian Brauner <brauner@kernel.org>,
Alexei Starovoitov <ast@kernel.org>,
Paul Moore <paul@paul-moore.com>
CC: Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>, Martin KaFai Lau <martin.lau@linux.dev>,
Song Liu <song@kernel.org>, Yonghong Song <yhs@fb.com>,
John Fastabend <john.fastabend@gmail.com>, KP Singh <kpsingh@kernel.org>,
Stanislav Fomichev <sdf@google.com>, Hao Luo <haoluo@google.com>,
Jiri Olsa <jolsa@kernel.org>, Quentin Monnet <quentin@isovalent.com>,
Alexander Viro <viro@zeniv.linux.org.uk>, Miklos Szeredi <miklos@szeredi.hu>,
Amir Goldstein <amir73il@gmail.com>, "Serge E. Hallyn" <serge@hallyn.com>,
<bpf@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
<linux-fsdevel@vger.kernel.org>, <gyroidos@aisec.fraunhofer.de>,
=?utf-8?q?Michael_Wei=C3=9F?= <michael.weiss@aisec.fraunhofer.de>
Subject: [RESEND RFC PATCH v2 08/14] device_cgroup: Hide devcgroup
functionality completely in lsm
Date: Wed, 25 Oct 2023 11:42:18 +0200
Message-Id: <20231025094224.72858-9-michael.weiss@aisec.fraunhofer.de>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de>
References: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-ClientProxiedBy: FR4P281CA0420.DEUP281.PROD.OUTLOOK.COM
(2603:10a6:d10:d0::17) To BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM
(2603:10a6:b10:50::14)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: BEZP281MB2791:EE_|BE0P281MB0116:EE_
X-MS-Office365-Filtering-Correlation-Id: 8d886489-78f6-4591-3f95-08dbd53ec6ff
X-LD-Processed: f930300c-c97d-4019-be03-add650a171c4,ExtAddr
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
ndlma0MVWI/LgjB6ouDGoxg0X6efYczAJ5OJ1x0o+Nzzy+q/LU0T7beIb23bdlLfpn3hSUfdrqzDpb89bwMNawkFfHBkakfsOqx5Q3ugBg2YbNFVCJm6MmVBSffGsyyMlj1UXv7aZlD9sMyfzpXRX06qoI9aBhwJThD8yPRXKspUYGrlSUkJ1WPIKVSIsalqSz/+IhByDSonZYyEii8o1krSrN1lS6/hwrdk1X2b4gH1/7Jng7Y+w/BjeXDB0NOD/QmQeJaf5BVGF+PwlDBswn+7FP+ea6uTn2B+SKW4gUeBWTg6+q3gTB2WysYqMvAwK6wpUa3k7mr2pAKTpRFbCN4KooYn0d2+yEefmn2vInjJbVLYaoiPXfPY2df+aEL7h/LU1PXD4uyfdWHQGNLfCk7x3HOJLv3HCAhaseVbf9GGNbxpoJ1L3LHDf4VYA5fKy9hw01HMwubfxsJeair9vDli0kXRvaBVxxrv+tx/4AMLRv2HeMo14Qf9vP6L4bVBX+rE6IH72rJ7Cbklq85OpCwUGrMlOVIxCBpYsTo0emgSQUGj9IjvcWATpmNG9NGyf/Ko2oC13apcHcUSdDRSK6KPFrApQprHkV8z+iN87s0=
X-Forefront-Antispam-Report:
CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(366004)(346002)(136003)(396003)(376002)(39860400002)(230922051799003)(1800799009)(186009)(64100799003)(451199024)(66946007)(83380400001)(316002)(38100700002)(6486002)(478600001)(6666004)(54906003)(110136005)(66556008)(66476007)(1076003)(107886003)(52116002)(6506007)(2616005)(6512007)(7416002)(2906002)(86362001)(4326008)(8936002)(82960400001)(8676002)(41300700001)(5660300002);DIR:OUT;SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?u27QFYJvEXBcIKlwmuoTG4cF+KHv?=
=?utf-8?q?XslKVvKHgo+n3n1sUcGBawbDEoqZWn9QP4JOcsie/sTKdRi98Bilipv9badK9NwlA?=
=?utf-8?q?sE8VlbLb5JT09EpZ+wuSzIOrfqUwlBhjTdVBZFm050NGc+2AxiykUfcpHI9Uhwgx7?=
=?utf-8?q?whgDI5GYmWA4x9/8TvrApWo3pkGsHLs1G2ebVKRhr2ZCF9hcLncGQeKJ96n4ekRff?=
=?utf-8?q?pJEgyIhPiQ6rEMDBwYy/CbSM7B5Y2c6fFQ9O988um7sXlcHQ4YEB0TPi3tK3Mga6x?=
=?utf-8?q?bDk3VPhXjtDMBsYXjgjOxzGpmXplzCPZbUKPRRrOUKO0i01LQAuaZKz6Fzejzc6Wq?=
=?utf-8?q?DhejAYODgeq2Rl9DETwgS4kY2x8FvUCcsUv33tHx5HpWJIQpm0xYpgQg2G5TrS9LD?=
=?utf-8?q?hyBVlbWdWX0g5IxuEwCwiUB568jqGc2c+VHl5Fj0KLbcg/A4iuKc/Q2PG7jlZL/z0?=
=?utf-8?q?SJBSTiyJI5PLaa0k1nzG0E3M4EIZpmT2400I6Rppn8RT0QboT7P+yCN/+UBcU/JBs?=
=?utf-8?q?excq7BwpcSgzfcSqPrW9+DFVz5aFpLljDUdlAympSxl5362It1rWd4NJ4jhgqrAIl?=
=?utf-8?q?uKD937nTlviJ3xo8WT2jk2APZ7u6X58DJkSr2jcX1T+VE11GG/1daWv1n6FoHcHSp?=
=?utf-8?q?AV46GfAPSvn5mHnbwa+SrD29HhlIZd/BixI/hoszgu2f6Xu7mmNpqtK9aX3a1zyl+?=
=?utf-8?q?DD/Wkp1Tu31nTsKyCb3SEw+B8onKFqhX21Ar9573sVU3WaipPVYkQay0rcAGCdbXk?=
=?utf-8?q?S3MUGL2dj3Bj//Q52LSWxEbTmFqXTB8JWVLMS+1oBtERbWicFlJb1yTletnOzryUt?=
=?utf-8?q?TAYaAC1+EbcaBeopoC8lSVS1KxGJdhhQTybT04E+Y6esYkUTuFXpD/LXLp0Af9pRq?=
=?utf-8?q?tQk4TKQmW37qQZvVrwgE8my+icJKRWRAiT5JPw78dYhjmy9j+H3yQVx7dytustBju?=
=?utf-8?q?5Ee4zE/eEo+0lKPNR2uXK93vLCkU3HPNDsyK8e80HEZZhOvBOacc2NBMCNzeFihgT?=
=?utf-8?q?czyf/uX7YSrWyOiKrdxGrUI0Gc5sf1cbxTREzVDtgaOB/AoCDwwtzfWd/oXTY2kT5?=
=?utf-8?q?+Lt5W7r51tQqwATCW0by1xKIP6Y5LvDv+tVWbbAtG//p+X1Db1Ckw4ktF10km67Lr?=
=?utf-8?q?st/pEJdx7iRtrzMzOJYAaLpQsmz47QsMuT2n2RnCdJiuOigADYWHHasNlplYXDIeo?=
=?utf-8?q?5M/2/ie8F+XGS5hQ8F0h/fZrAbxd8vjvnNLmthuxIlhTrnohNS9EnpXwb2iBRWkdz?=
=?utf-8?q?JHLOErZPSGQWAh5P3rGIu61/ddYgeC2N8PSw4ZNh4DRFORNkKu3DwZ0eNJ9xDqv7K?=
=?utf-8?q?IAKyJXDPiz87R7hpMb5KnaZq+wk5tc+E4PFvzWqioYyuIU4doM6q3slE3rUrqJtut?=
=?utf-8?q?o0RETSBDcE9R7I7YippWZ/cD+qKOIHSjUvL+Bw5vp38WCn5c0tzo2m7mMxJ4ET2va?=
=?utf-8?q?yX0jIzvnfvNrCOIcGQ+caJ/a2QPNSPnTzVb0yxGPsl3BCIbBK87WsFZNTS7AAdZ4F?=
=?utf-8?q?02HKuEX6Ot9Iw1d0d5Qn/1k3rlvhoob/18ekXFPVD60Eq5lww9bbCdvdy9pJedBnz?=
=?utf-8?q?g2OkW9TmxSKQUN5NW+0rmcaLvp42z9G4w4jzFmq5WaZxybCgQHdFlQ=3D?=
X-MS-Exchange-CrossTenant-Network-Message-Id:
8d886489-78f6-4591-3f95-08dbd53ec6ff
X-MS-Exchange-CrossTenant-AuthSource: BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Oct 2023 09:43:00.7572
(UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: f930300c-c97d-4019-be03-add650a171c4
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName:
of5JJ0/Dbvv/Mv5uDI+VRSliwBdlVUTne3G70JgQhm1qEM/3iGp/hpiGLjHq9pGRqPe8beFEOiHch394T5MJDVJpBsTksKXQ0VciK42KIonwLUBXJXn9roOLvwl+DxOQ
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BE0P281MB0116
X-OriginatorOrg: aisec.fraunhofer.de
X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,
SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on fry.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test,
not delayed by milter-greylist-4.6.4 (fry.vger.email [0.0.0.0]);
Wed, 25 Oct 2023 02:44:58 -0700 (PDT)
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1780720181217926447
X-GMAIL-MSGID: 1780720181217926447
|
| Series |
device_cgroup: guard mknod for non-initial user namespace
|
|
Commit Message
Michael Weiß
Oct. 25, 2023, 9:42 a.m. UTC
Now since all users of devcgroup_check_permission() have been
removed, all device cgroup related functionality is covered by
security hooks. Thus, move the public device_cgroup.h header
into the subfolder of the lsm module.
Signed-off-by: Michael Weiß <michael.weiss@aisec.fraunhofer.de>
---
security/device_cgroup/device_cgroup.c | 3 ++-
{include/linux => security/device_cgroup}/device_cgroup.h | 0
security/device_cgroup/lsm.c | 3 ++-
3 files changed, 4 insertions(+), 2 deletions(-)
rename {include/linux => security/device_cgroup}/device_cgroup.h (100%)
diff --git a/security/device_cgroup/device_cgroup.c b/security/device_cgroup/device_cgroup.c index dc4df7475081..1a8190929ec3 100644 --- a/security/device_cgroup/device_cgroup.c +++ b/security/device_cgroup/device_cgroup.c @@ -6,7 +6,6 @@ */ #include <linux/bpf-cgroup.h> -#include <linux/device_cgroup.h> #include <linux/cgroup.h> #include <linux/ctype.h> #include <linux/list.h> @@ -16,6 +15,8 @@ #include <linux/rcupdate.h> #include <linux/mutex.h> +#include "device_cgroup.h" + #ifdef CONFIG_CGROUP_DEVICE static DEFINE_MUTEX(devcgroup_mutex); diff --git a/include/linux/device_cgroup.h b/security/device_cgroup/device_cgroup.h similarity index 100% rename from include/linux/device_cgroup.h rename to security/device_cgroup/device_cgroup.h diff --git a/security/device_cgroup/lsm.c b/security/device_cgroup/lsm.c index 987d2c20a577..a963536d0a15 100644 --- a/security/device_cgroup/lsm.c +++ b/security/device_cgroup/lsm.c @@ -11,9 +11,10 @@ */ #include <linux/bpf-cgroup.h> -#include <linux/device_cgroup.h> #include <linux/lsm_hooks.h> +#include "device_cgroup.h" + static int devcg_dev_permission(umode_t mode, dev_t dev, int mask) { short type, access = 0;