Re: [PATCH v4 0/4] Introduce security_create_user_ns()
From: Alexei Starovoitov
Date: Tue Aug 09 2022 - 20:52:11 EST
On Tue, Aug 9, 2022 at 3:40 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
>
> On Tue, Aug 9, 2022 at 5:41 PM Eric W. Biederman <ebiederm@xxxxxxxxxxxx> wrote:
> > Paul Moore <paul@xxxxxxxxxxxxxx> writes:
> > >
> > > What level of due diligence would satisfy you Eric?
> >
> > Having a real conversation about what a change is doing and to talk
> > about it's merits and it's pro's and cons. I can't promise I would be
> > convinced but that is the kind of conversation it would take.
>
> Earlier today you talked about due diligence to ensure that userspace
> won't break and I provided my reasoning on why userspace would not
> break (at least not because of this change). Userspace might be
> blocked from creating a new user namespace due to a security policy,
> but that would be the expected and desired outcome, not breakage. As
> far as your most recent comment regarding merit and pros/cons, I
> believe we have had that discussion (quite a few times already); it
> just seems you are not satisfied with the majority's conclusion.
>
> Personally, I'm not sure there is anything more I can do to convince
> you that this patchset is reasonable; I'm going to leave it to others
> at this point, or we can all simply agree to disagree for the moment.
> Just as you haven't heard a compelling argument for this patchset, I
> haven't heard a compelling argument against it. Barring some
> significant new discussion point, or opinion, I still plan on merging
> this into the LSM next branch when the merge window closes next week
> so it has time to go through a full round of linux-next testing.
> Assuming no unresolvable problems are found during the additional
> testing I plan to send it to Linus during the v6.1 merge window and
> I'm guessing we will get to go through this all again. It's less than
> ideal, but I think this is where we are at right now.
+1