Thread (29 messages) 29 messages, 8 authors, 2022-12-12

Re: [PATCH 2/4] fs: define a firmware security filesystem named fwsecurityfs

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: 2022-11-21 15:12:26
Also in: linux-efi, linux-fsdevel, linux-security-module, lkml 

On Mon, Nov 21, 2022 at 09:03:18AM -0500, James Bottomley wrote:
On Mon, 2022-11-21 at 12:05 +0100, Greg Kroah-Hartman wrote:
quoted
On Sun, Nov 20, 2022 at 10:14:26PM -0500, James Bottomley wrote:
quoted
On Sun, 2022-11-20 at 17:13 +0100, Greg Kroah-Hartman wrote:
quoted
On Sat, Nov 19, 2022 at 01:20:09AM -0500, Nayna wrote:
quoted
On 11/17/22 16:27, Greg Kroah-Hartman wrote:
quoted
On Mon, Nov 14, 2022 at 06:03:43PM -0500, Nayna wrote:
quoted
On 11/10/22 04:58, Greg Kroah-Hartman wrote:
[...]
quoted
quoted
quoted
quoted
quoted
I do not understand, sorry.  What does namespaces have to
do
with this?
sysfs can already handle namespaces just fine, why not
use
that?
Firmware objects are not namespaced. I mentioned it here as
an
example of the difference between firmware and kernel
objects.
It is also in response to the feedback from James Bottomley
in
RFC v2 [
https://lore.kernel.org/linuxppc-dev/41ca51e8db9907d9060cc38ad
b59a66dcae4c59b.camel@HansenPartnership.com/].
I do not understand, sorry.  Do you want to use a namespace
for
these or not?  The code does not seem to be using
namespaces. 
You can use sysfs with, or without, a namespace so I don't
understand the issue here.

With your code, there is no namespace.
You are correct. There's no namespace for these.
So again, I do not understand.  Do you want to use filesystem
namespaces, or do you not?
Since this seems to go back to my email quoted again, let me
repeat: the question isn't if this patch is namespaced; I think
you've agreed several times it isn't.  The question is if the
exposed properties would ever need to be namespaced.  This is a
subtle and complex question which isn't at all explored by the
above interchange.
quoted
How again can you not use sysfs or securityfs due to namespaces? 
What is missing?
I already explained in the email that sysfs contains APIs like
simple_pin_... which are completely inimical to namespacing.
Then how does the networking code handle the namespace stuff in
sysfs?
That seems to work today, or am I missing something?
have you actually tried?

jejb@lingrow:~> sudo unshare --net bash
lingrow:/home/jejb # ls /sys/class/net/
lo  tun0  tun10  wlan0
lingrow:/home/jejb # ip link show
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group
default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

So, as you see, I've entered a network namespace and ip link shows me
the only interface I can see in that namespace (a down loopback) but
sysfs shows me every interface on the system outside the namespace.
Then all of the code in include/kobject_ns.h is not being used?  We have
a whole kobject namespace set up for networking, I just assumed they
were using it.  If not, I'm all for ripping it out.

thanks,

greg k-h
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help