Re: [PATCH v5 bpf-next 5/5] bpf/selftests: Add a selftest for bpf_getxattr

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> >
> > This discussion would probably be a lot shorter if this series were sent
> > with a proper explanation of how this supposed to work and what it's
> > used for.
>
> It's currently scoped to BPF LSM (albeit limited to LSM for now)
> but it won't just be used in LSM programs but some (allow-listed)
> tracing programs too.
>

KP,

Without taking sides in the discussion about the security aspect of
bpf_getxattr(),
I wanted to say that we have plans to add BPF hooks for fanotify event
filters and
AFAIK Alessio's team is working on adding BPF hooks for FUSE bypass decisions.

In both those cases, being able to tag files with some xattr and use
that as part of
criteria in the hook would be very useful IMO, but I don't think that
it should be a
problem to limit the scope of the allowed namespace to security.bpf.* for these
use cases.

Thanks,
Amir.



[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux