Thread: 44 messages, 10 authors, 2019-06-12

Re: [RFC][PATCH 00/10] Mount, FS, Block and Keyrings notifications [ver #3]

From: Casey Schaufler <casey@schaufler-ca.com>
Date: 2019-06-06 18:33:42
Also in: keyrings, linux-block, linux-fsdevel, linux-security-module, linux-usb, lkml

> On 6/6/2019 10:11 AM, Andy Lutomirski wrote:
>> On Thu, Jun 6, 2019 at 9:43 AM Casey Schaufler [off-list ref] wrote:
>> ...
>> I don't agree. That is, I don't believe it is sufficient.
>> There is no guarantee that being able to set a watch on an
>> object implies that every process that can trigger the event
>> can send it to you.
>>
>>         Watcher has Smack label W
>>         Triggerer has Smack label T
>>         Watched object has Smack label O
>>
>>         Relevant Smack rules are
>>
>>         W O rw
>>         T O rw
>>
>> The watcher will be able to set the watch,
>> the triggerer will be able to trigger the event,
>> but there is nothing that would allow the watcher
>> to receive the event. This is not a case of watcher
>> reading the watched object, as the event is delivered
>> without any action by watcher.
>
> I think this is an example of a bogus policy that should not be
> supported by the kernel.
At this point it's pretty hard for me to care much what
you think. You don't seem to have any insight into the
implications of the features you're advocating, or their
potential consequences.
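To make the policy argument above concrete, here is a small evaluator for Smack's access rules, written as an added example for this page; it is not code from the kernel or from either author. It implements the documented Smack decision order (a "*" subject is always denied, a "*" object always allowed, read/execute on the "_" floor object and by the "^" hat subject allowed, same-label access allowed, anything else must appear in the loaded rule set) and then loads exactly the two rules from the message. The one assumption is how to model delivery of the notification: it is treated here as a write by the triggerer's label T to the watcher's label W, which is what a Smack check on the delivery step would have to look like since the watcher takes no action of its own.

```python
from typing import Dict, Set, Tuple

# A loaded Smack rule set: (subject label, object label) -> granted access modes.
RuleSet = Dict[Tuple[str, str], Set[str]]

# The two rules quoted in the message, in /etc/smack/accesses syntax.
# This is constructed sample input for the example.
MESSAGE_RULES = """
W O rw
T O rw
"""


def parse_rules(text: str) -> RuleSet:
    """Parse 'SUBJECT OBJECT ACCESS' lines; '-' means 'no access' in Smack syntax."""
    rules: RuleSet = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        subject, obj, access = line.split()
        modes = set(access.replace("-", ""))
        rules.setdefault((subject, obj), set()).update(modes)
    return rules


def smack_allows(rules: RuleSet, subject: str, obj: str, access: str) -> bool:
    """Decide a Smack access request using the documented rule evaluation order."""
    wanted = set(access)
    if subject == "*":                      # star subject: always denied
        return False
    if obj == "*":                          # star object: always allowed
        return True
    if obj == "_" and wanted <= {"r", "x"}:  # floor object: r/x for everyone
        return True
    if subject == "^" and wanted <= {"r", "x"}:  # hat subject: r/x on everything
        return True
    if subject == obj:                      # same label: allowed
        return True
    return wanted <= rules.get((subject, obj), set())


def watch_scenario(rule_text: str = MESSAGE_RULES) -> Dict[str, bool]:
    """Evaluate the three accesses the message talks about under the quoted policy.

    'deliver' is the assumed check for the notification reaching the watcher:
    subject T writing to object W. No loaded rule or built-in grants it.
    """
    rules = parse_rules(rule_text)
    return {
        "set_watch": smack_allows(rules, "W", "O", "rw"),   # watcher opens/watches O
        "trigger":   smack_allows(rules, "T", "O", "rw"),   # triggerer modifies O
        "deliver":   smack_allows(rules, "T", "W", "w"),    # event from T lands on W
    }


if __name__ == "__main__":
    for step, ok in watch_scenario().items():
        print(f"{step:10s} {'allowed' if ok else 'DENIED'}")
```

Adding a third line such as `T W w` to the rule text is what it would take for the delivery check to pass; the point of the example is that the two rules required for setting the watch and triggering the event do not imply that line.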