Re: [PATCH v5 bpf-next 5/5] bpf/selftests: Add a selftest for bpf_getxattr

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Jun 30, 2022 at 6:29 PM Amir Goldstein <amir73il@xxxxxxxxx> wrote:
>
> > >
> > > This discussion would probably be a lot shorter if this series were sent
> > > with a proper explanation of how this supposed to work and what it's
> > > used for.
> >
> > It's currently scoped to BPF LSM (albeit limited to LSM for now)
> > but it won't just be used in LSM programs but some (allow-listed)
> > tracing programs too.
> >
>
> KP,
>
> Without taking sides in the discussion about the security aspect of
> bpf_getxattr(),
> I wanted to say that we have plans to add BPF hooks for fanotify event
> filters and
> AFAIK Alessio's team is working on adding BPF hooks for FUSE bypass decisions.
>
> In both those cases, being able to tag files with some xattr and use
> that as part of
> criteria in the hook would be very useful IMO, but I don't think that
> it should be a
> problem to limit the scope of the allowed namespace to security.bpf.* for these
> use cases.

Thanks Amir, I agree, this does seem like a practical way to move forward.

Cheers,
- KP

>
> Thanks,
> Amir.



[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux