On Thu, Sep 10, 2020 at 09:00:10PM +0100, Al Viro wrote: > On Thu, Sep 10, 2020 at 07:40:33PM +0100, Matthew Wilcox wrote: > > On Thu, Sep 10, 2020 at 08:38:21PM +0200, Mickaël Salaün wrote: > > > There is also the use case of noexec mounts and file permissions. From > > > user space point of view, it doesn't matter which kernel component is in > > > charge of defining the policy. The syscall should then not be tied with > > > a verification/integrity/signature/appraisal vocabulary, but simply an > > > access control one. > > > > permission()? > > int lsm(int fd, const char *how, char *error, int size); > > Seriously, this is "ask LSM to apply special policy to file"; let's > _not_ mess with flags, etc. for that; give it decent bandwidth > and since it's completely opaque for the rest of the kernel, > just a pass a string to be parsed by LSM as it sees fit. Hang on, it does have some things which aren't BD^W^WLSM. It lets the interpreter honour the mount -o noexec option. I presume it's not easily defeated by cat /home/salaun/bin/bad.pl | perl -
