Re: [PATCH v4 0/4] Introduce security_create_user_ns()
From: Eric W. Biederman <hidden>
Date: 2022-08-08 19:26:21
Also in:
bpf, linux-kselftest, linux-security-module, lkml, selinux
Possibly related (same subject, not in this thread)
- 2022-08-15 · Re: [PATCH v4 0/4] Introduce security_create_user_ns() · Paul Moore <paul@paul-moore.com>
- 2022-08-15 · Re: [PATCH v4 0/4] Introduce security_create_user_ns() · "Serge E. Hallyn" <serge@hallyn.com>
- 2022-08-15 · Re: [PATCH v4 0/4] Introduce security_create_user_ns() · Paul Moore <paul@paul-moore.com>
- 2022-08-14 · Re: [PATCH v4 0/4] Introduce security_create_user_ns() · "Serge E. Hallyn" <serge@hallyn.com>
- 2022-08-10 · Re: [PATCH v4 0/4] Introduce security_create_user_ns() · Alexei Starovoitov <hidden>
Paul Moore [off-list ref] writes:
quoted
I did provide constructive feedback. My feedback to his problem was to address the real problem of bugs in the kernel.We've heard from several people who have use cases which require adding LSM-level access controls and observability to user namespace creation. This is the problem we are trying to solve here; if you do not like the approach proposed in this patchset please suggest another implementation that allows LSMs visibility into user namespace creation.
Please stop, ignoring my feedback, not detailing what problem or problems you are actually trying to be solved, and threatening to merge code into files that I maintain that has the express purpose of breaking my users. You just artificially constrained the problems, so that no other solution is acceptable. On that basis alone I am object to this whole approach to steam roll over me and my code. Eric