Re: [PATCH v4 1/1] exec: seal system mappings

From: Lorenzo Stoakes
Date: Wed Jan 15 2025 - 14:47:01 EST


Jeff,

My name is Lorenzo, not Lorenze.

I've made it abundantly clear that this (NACKed) series cannot allow the
kernel to be in a broken state even if a user sets flags to do so.

This is because users might lack context to make this decision and
incorrectly do so, and now we ship a known-broken kernel.

You are now suggesting disabling the !CRIU requirement, which violates my
_requirements_ (not optional features).

You seem to be saying you're pushing an internal feature on upstream and
only care about internal use cases; this is not how upstream works, as
Matthew alludes to.

I have told you that my requirements are:

1. You cannot allow a user to set config or boot options to have a
broken kernel configuration.

2. You must provide evidence that the arches you claim work with this
actually do.

You seem to have eliminated that from your summary as if the very thing
that makes this series NACKed were not pertinent.

If you do not address these correctly, I will simply have to reject your v5
too and it'll waste everybody's time. I _genuinely_ don't want to have to
do this.

Any solution MUST fulfil these requirements. I also want to see v5 as an
RFC honestly at this stage, since it seems we are VERY MUCH in a discussion
phase rather than a patch phase at this time.

I really want to help you improve mseal and get things upstream, but I
can't ignore my duty to ensure that the kernel remains stable and we don't
hand kernel users (overly huge) footguns. I hate to be negative, but this
is why I am pushing back so much here.

Thanks!