Re: [PATCH v3 1/5] fs: Add support for a RESOLVE_MAYEXEC flag on openat2(2)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: [PATCH v3 1/5] fs: Add support for a RESOLVE_MAYEXEC flag on openat2(2)
From: Mickaël Salaün <mic@xxxxxxxxxxx>
Date: Fri, 1 May 2020 16:14:58 +0200
Cc: linux-kernel@xxxxxxxxxxxxxxx, Aleksa Sarai <cyphar@xxxxxxxxxx>, Alexei Starovoitov <ast@xxxxxxxxxx>, Al Viro <viro@xxxxxxxxxxxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>, Christian Heimes <christian@xxxxxxxxxx>, Daniel Borkmann <daniel@xxxxxxxxxxxxx>, Deven Bowers <deven.desai@xxxxxxxxxxxxxxxxxxx>, Eric Chiang <ericchiang@xxxxxxxxxx>, Florian Weimer <fweimer@xxxxxxxxxx>, Jan Kara <jack@xxxxxxx>, Jann Horn <jannh@xxxxxxxxxx>, Jonathan Corbet <corbet@xxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, Matthew Garrett <mjg59@xxxxxxxxxx>, Matthew Wilcox <willy@xxxxxxxxxxxxx>, Michael Kerrisk <mtk.manpages@xxxxxxxxx>, Mickaël Salaün <mickael.salaun@xxxxxxxxxxx>, Mimi Zohar <zohar@xxxxxxxxxxxxx>, Philippe Trébuchet <philippe.trebuchet@xxxxxxxxxxx>, Scott Shell <scottsh@xxxxxxxxxxxxx>, Sean Christopherson <sean.j.christopherson@xxxxxxxxx>, Shuah Khan <shuah@xxxxxxxxxx>, Steve Dower <steve.dower@xxxxxxxxxx>, Steve Grubb <sgrubb@xxxxxxxxxx>, Thibaut Sautereau <thibaut.sautereau@xxxxxxxxxxx>, Vincent Strubel <vincent.strubel@xxxxxxxxxxx>, kernel-hardening@xxxxxxxxxxxxxxxxxx, linux-api@xxxxxxxxxxxxxxx, linux-security-module@xxxxxxxxxxxxxxx, linux-fsdevel@xxxxxxxxxxxxxxx
Delivered-to: mailing list kernel-hardening@xxxxxxxxxxxxxxxxxx
In-reply-to: <alpine.LRH.2.21.2005011404420.29679@namei.org>
Mailing-list: contact kernel-hardening-help@xxxxxxxxxxxxxxxxxx; run by ezmlm
User-agent:

On 01/05/2020 06:04, James Morris wrote:
> On Tue, 28 Apr 2020, Mickaël Salaün wrote:
> 
>> When the RESOLVE_MAYEXEC flag is passed, openat2(2) may be subject to
>> additional restrictions depending on a security policy managed by the
>> kernel through a sysctl or implemented by an LSM thanks to the
>> inode_permission hook.
> 
> 
> Reviewed-by: James Morris <jamorris@xxxxxxxxxxxxxxxxxxx>

As requested, I switched back to O_MAYEXEC yesterday with the v4:
https://lore.kernel.org/lkml/20200430132320.699508-2-mic@xxxxxxxxxxx/

References:
- [PATCH v3 0/5] Add support for RESOLVE_MAYEXEC
  - From: Mickaël Salaün
- [PATCH v3 1/5] fs: Add support for a RESOLVE_MAYEXEC flag on openat2(2)
  - From: Mickaël Salaün
- Re: [PATCH v3 1/5] fs: Add support for a RESOLVE_MAYEXEC flag on openat2(2)
  - From: James Morris

Prev by Date: Re: [PATCH v3 0/5] Add support for RESOLVE_MAYEXEC
Next by Date: Re: [PATCH v3 2/5] fs: Add a MAY_EXECMOUNT flag to infer the noexec mount property
Previous by thread: Re: [PATCH v3 1/5] fs: Add support for a RESOLVE_MAYEXEC flag on openat2(2)
Next by thread: [PATCH v3 2/5] fs: Add a MAY_EXECMOUNT flag to infer the noexec mount property
Index(es):
- Date
- Thread

[Index of Archives] [Linux Samsung SoC] [Linux Rockchip SoC] [Linux Actions SoC] [Linux for Synopsys ARC Processors] [Linux NFS] [Linux NILFS] [Linux USB Devel] [Video for Linux] [Linux Audio Users] [Yosemite News] [Linux Kernel] [Linux SCSI]