On Wed, Mar 31, 2021 at 09:59:07PM +0800, Yongji Xie wrote:

On Wed, Mar 31, 2021 at 8:23 PM Christian Brauner
[off-list ref] wrote:

quoted

On Wed, Mar 31, 2021 at 07:32:33PM +0800, Yongji Xie wrote:

quoted

On Wed, Mar 31, 2021 at 5:15 PM Christian Brauner
[off-list ref] wrote:

quoted

On Wed, Mar 31, 2021 at 04:05:10PM +0800, Xie Yongji wrote:

quoted

Export receive_fd() so that some modules can use
it to pass file descriptor between processes without
missing any security stuffs.

Signed-off-by: Xie Yongji <redacted>
---

Yeah, as I said in the other mail I'd be comfortable with exposing just
this variant of the helper.

Thanks, I got it now.

quoted

Maybe this should be a separate patch bundled together with Christoph's
patch to split parts of receive_fd() into a separate helper.

Do we need to add the seccomp notifier into the separate helper? In
our case, the file passed to the separate helper is from another
process.

Not sure what you mean. Christoph has proposed
https://lore.kernel.org/linux-fsdevel/20210325082209.1067987-2-hch@lst.de (local)
I was just saying that if we think this patch is useful we might bundle
it together with the
EXPORT_SYMBOL(receive_fd)
part here, convert all drivers that currently open-code get_unused_fd()
+ fd_install() to use receive_fd(), and make this a separate patchset.

Yes, I see. We can split the parts (get_unused_fd() + fd_install()) of
receive_fd() into a separate helper and convert all drivers to use
that. What I mean is that I also would like to use
security_file_receive() in my modules. So I'm not sure if it's ok to
add security_file_receive() into the separate helper. Or do I need to
export security_file_receive() separately?

I think I confused you which is my bad. What you do here is - in my
opinion - correct.
I'm just saying that exporting receive_fd() allows further cleanups and
your export here could go on top of Christoph's change in a separate
series.

Christian