On Aug 25, 2016 12:34 PM, "Mickaël Salaün" <mic@xxxxxxxxxxx> wrote: > > Add LSM hooks which can be used by userland through Landlock (eBPF) > programs. This programs are limited to a whitelist of functions (cf. > next commit). The eBPF program context is depicted by the struct > landlock_data (cf. include/uapi/linux/bpf.h): > * hook: LSM hook ID (useful when using the same program for multiple LSM > hooks); > * cookie: the 16-bit value from the seccomp filter that triggered this > Landlock program; > * args[6]: array of LSM hook arguments. > > The LSM hook arguments can contain raw values as integers or > (unleakable) pointers. The only way to use the pointers are to pass them > to an eBPF function according to their types (e.g. the > bpf_landlock_cmp_fs_beneath_with_struct_file function can use a struct > file pointer). > > For now, there is three hooks for file system access control: > * file_open; > * file_permission; > * mmap_file. > What's the purpose of exposing struct cred * to userspace? It's primarily just an optimization to save a bit of RAM, and it's a dubious optimization at that. What are you using it for? Would it make more sense to use struct task_struct * or struct pid * instead? Also, exposing struct cred * has a really weird side-effect: it allows (maybe even encourages) checking for pointer equality between two struct cred * objects. Doing so will have erratic results. -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
