[RESEND,RFC,v2,08/14] device_cgroup: Hide devcgroup functionality completely in lsm
Message ID | 20231025094224.72858-9-michael.weiss@aisec.fraunhofer.de |
---|---|
State | New |
Series | device_cgroup: guard mknod for non-initial user namespace |
Commit Message
Michael Weiß
Oct. 25, 2023, 9:42 a.m. UTC
Now since all users of devcgroup_check_permission() have been
removed, all device cgroup related functionality is covered by
security hooks. Thus, move the public device_cgroup.h header
into the subfolder of the lsm module.
Signed-off-by: Michael Weiß <michael.weiss@aisec.fraunhofer.de>
---
security/device_cgroup/device_cgroup.c | 3 ++-
{include/linux => security/device_cgroup}/device_cgroup.h | 0
security/device_cgroup/lsm.c | 3 ++-
3 files changed, 4 insertions(+), 2 deletions(-)
rename {include/linux => security/device_cgroup}/device_cgroup.h (100%)
diff --git a/security/device_cgroup/device_cgroup.c b/security/device_cgroup/device_cgroup.c index dc4df7475081..1a8190929ec3 100644 --- a/security/device_cgroup/device_cgroup.c +++ b/security/device_cgroup/device_cgroup.c @@ -6,7 +6,6 @@ */ #include <linux/bpf-cgroup.h> -#include <linux/device_cgroup.h> #include <linux/cgroup.h> #include <linux/ctype.h> #include <linux/list.h> @@ -16,6 +15,8 @@ #include <linux/rcupdate.h> #include <linux/mutex.h> +#include "device_cgroup.h" + #ifdef CONFIG_CGROUP_DEVICE static DEFINE_MUTEX(devcgroup_mutex); diff --git a/include/linux/device_cgroup.h b/security/device_cgroup/device_cgroup.h similarity index 100% rename from include/linux/device_cgroup.h rename to security/device_cgroup/device_cgroup.h diff --git a/security/device_cgroup/lsm.c b/security/device_cgroup/lsm.c index 987d2c20a577..a963536d0a15 100644 --- a/security/device_cgroup/lsm.c +++ b/security/device_cgroup/lsm.c @@ -11,9 +11,10 @@ */ #include <linux/bpf-cgroup.h> -#include <linux/device_cgroup.h> #include <linux/lsm_hooks.h> +#include "device_cgroup.h" + static int devcg_dev_permission(umode_t mode, dev_t dev, int mask) { short type, access = 0;
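Review bot: the rename of include/linux/device_cgroup.h to security/device_cgroup/device_cgroup.h turns any remaining `#include <linux/device_cgroup.h>` outside security/device_cgroup/ into a build failure, and the diffstat only updates the two includers inside that directory. The commit message says all users of devcgroup_check_permission() are gone, but it does not say that all includers of the header are gone, which is the condition this patch actually depends on. Please state in the changelog that no includer remains elsewhere in the tree after the earlier patches of the series, and that the result builds both with and without CONFIG_CGROUP_DEVICE, so the series stays bisectable at this patch.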
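Review bot: in the device_cgroup.c and lsm.c include hunks, the header is now private to security/device_cgroup/ but is moved at 100% similarity, so it still carries everything it declared as a public header. If part of it only existed for callers outside this directory, a follow-up (or this patch) should trim those declarations so the private header reflects only what device_cgroup.c and lsm.c share. A short comment at the top of the moved header saying it is internal to the LSM would also help keep new outside users from reappearing.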