Re: [PATCH RESEND v5 0/5] namei: vfs flags to restrict path resolution

From: Aleksa Sarai
Date: Thu Apr 25 2019 - 15:46:11 EST

Next message: Greg Kroah-Hartman: "Re: [PATCH v3 05/13] driver core: Add helper device_find_child_by_name()"
Previous message: Ingo Molnar: "Re: [RFC PATCH v5 3/4] x86/acrn: Use HYPERVISOR_CALLBACK_VECTOR for ACRN guest upcall vector"
In reply to: Adam Borowski: "Re: [PATCH RESEND v5 0/5] namei: vfs flags to restrict path resolution"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2019-04-25, Aleksa Sarai <cyphar@xxxxxxxxxx> wrote:
> On 2019-04-23, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> > This series provides solutions to so many different race and confusion
> > issues, I'd really like to see it land. What's the next step here? Is
> > this planned to go directly to Linus for v5.2, or is it going to live
> > in -mm for a while? I'd really like to see this moving forward.
>
> Given some of the security requirements of this interface, I think
> getting it to live in -mm wouldn't be a bad idea so folks can shake the
> bugs out before it's depended on by container runtimes.

Scratch my mention of -mm, it should be in Al's tree since it touches
quite a few of the namei seqlocks. My point was that it should live in
someone's tree for a little bit before it goes into a release.

I will put together a PoC of a resolveat(2) variation of this series and
re-send it out with both versions.

--
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
<https://www.cyphar.com/>

Attachment: signature.asc
Description: PGP signature

Next message: Greg Kroah-Hartman: "Re: [PATCH v3 05/13] driver core: Add helper device_find_child_by_name()"
Previous message: Ingo Molnar: "Re: [RFC PATCH v5 3/4] x86/acrn: Use HYPERVISOR_CALLBACK_VECTOR for ACRN guest upcall vector"
In reply to: Adam Borowski: "Re: [PATCH RESEND v5 0/5] namei: vfs flags to restrict path resolution"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]