On Fri, 23 Feb 2024 at 13:26, Christian Brauner <brauner@xxxxxxxxxx> wrote:
>
> So, the immediate fix separate from the selinux policy update is to fix
> dbus-broker which we've done now:
>
> https://github.com/bus1/dbus-broker/pull/343

Why is that code then continuing the idiocy of doing different things
for different error conditions?

IOW, it causes user space failure when that code doesn't fall back to
"don't do pidfd", but then it continues the crazy habit of treating
*some* error returns as "fallback to not use pidfd" and other errors as
"fail user space".

That was the fundamental bug with special-casing EINVAL in the first
place, and the above "fix" continues the braindamage. Did nobody learn
anything?

Also, honestly, if this breaks existing setups, then we should fix the
kernel anyway.

Changing things from the old anonymous inodes to the new pidfs inodes
should *not* have caused any LSM denial issues.

You used the same pointer to dbus-broker for the LSM changes, but I
really don't think this should have required LSM changes in the first
place.

Your reaction to "my kernel change caused LSM to barf" should have made
you go "let's fix the kernel so that LSM _doesn't_ barf". Maybe by
making pidfs look exactly like anonfs to LSM.

Since I don't see the LSM change, I'm not actually sure exactly what LSM
even reacted to in that switch-over.

Linus