Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




> On Oct 30, 2024, at 11:56 PM, Christoph Hellwig <hch@xxxxxxxxxxxxx> wrote:
> 
> On Wed, Oct 30, 2024 at 08:44:26PM +0000, Song Liu wrote:
>> Given bpf kfuncs can read user.* xattrs for almost a year now, I think we 
>> cannot simply revert it. We already have some users using it. 
>> 
>> Instead, we can work on a plan to deprecated it. How about we add a 
>> WARN_ON_ONCE as part of this patchset, and then remove user.* support 
>> after some time?
> 
> As Christian mentioned having bpf access to user xattrs is probably
> not a big issue.  OTOH anything that makes security decisions based
> on it is probably pretty broken.  Not sure how you want to best
> handle that.

Agreed that we really need security.bpf prefix for security use cases. 
Reading user.* xattrs could be useful for some tracing use cases. We
may also introduce other prefixes for future use cases.

Thanks,
Song









[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux