
A security-module hook for user-namespace creation

Posted Aug 5, 2022 20:39 UTC (Fri) by amarao (subscriber, #87073)
In reply to: A security-module hook for user-namespace creation by iabervon
Parent article: A security-module hook for user-namespace creation

I'm totally fine with audit hooks, if they do not slow things down. I think that arbitrary failures for things which are expected to work are bad. Let's say I wrote some code to use with namespaces. I ask the kernel to create one. It returned '402 payment required' to me. What should I do? Exit with code 1? Show an 'error: denied' dialog box and exit after 'OK'?

I have a better idea. How about restricting, with an LSM, the ability of processes to exit? There is a syscall for that, and by EPERM'ing it, we can forbid crashing software! It's going to work no matter what!



A security-module hook for user-namespace creation

Posted Aug 9, 2022 17:32 UTC (Tue) by cschaufler (subscriber, #126555)

Hee Hee. There is a legitimate use case for an LSM hook that would prevent a process from successfully terminating. Forensic analysis of a process that did Bad Things and got caught.

In the early days of X11 clients no one checked error codes because there wasn't any notion of what to do if your color map wasn't properly loaded or the like. They figured out how to handle errors reasonably. Many early Unix utilities ignored the return from the write() system call. We don't much tolerate that any more. Assuming a syscall is never going to fail in an unexpected way isn't good programming practice, and never has been. Sure, you can argue that adding an errno to the list a call can return is an API change, but that's a stretch.
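An added example, not part of either comment above and not kernel or LSM code: one way a program can handle a refused user-namespace creation instead of assuming the call succeeds. The names `userns_classify` and `userns_probe` are hypothetical, and the mapping of errno values to actions (including treating EPERM as a policy denial) is an assumption of this sketch.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

enum userns_action { USERNS_USE, USERNS_RETRY, USERNS_DEGRADE };

/* Decide what to do with the errno reported by userns_probe(). */
enum userns_action userns_classify(int err)
{
    switch (err) {
    case 0:      return USERNS_USE;
    case ENOMEM:
    case EAGAIN: return USERNS_RETRY;    /* transient: memory or fork() limits */
    case EPERM:                          /* assumed: denied by policy */
    case ENOSPC:                         /* namespace count or nesting limit */
    case EUSERS:
    default:     return USERNS_DEGRADE;  /* unknown errno: never assume success */
    }
}

/* Try the call in a throwaway child so the caller's own namespaces are
 * untouched; returns 0 or the errno that was observed. */
int userns_probe(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return errno;
    if (pid == 0)
        _exit(unshare(CLONE_NEWUSER) == 0 ? 0 : errno);
    if (waitpid(pid, &status, 0) < 0)
        return errno;
    return WIFEXITED(status) ? WEXITSTATUS(status) : EPERM; /* killed: treat as denied */
}

int main(void)
{
    int err = userns_probe();
    switch (userns_classify(err)) {
    case USERNS_USE:   puts("user namespaces available"); break;
    case USERNS_RETRY: fprintf(stderr, "transient failure (%s), retry later\n", strerror(err)); break;
    default:           fprintf(stderr, "user namespace creation refused (%s): disabling features that need it\n", strerror(err)); break;
    }
    return 0;
}
```
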

