On 6 Mar 2018, at 11:12, Linus Torvalds wrote:
On Mon, Mar 5, 2018 at 5:34 PM, Alexei Starovoitov <ast@xxxxxxxxxx>
wrote:
As the first step in development of bpfilter project [1] the
request_module()
code is extended to allow user mode helpers to be invoked. Idea is
that
user mode helpers are built as part of the kernel build and installed
as
traditional kernel modules with .ko file extension into distro
specified
location, such that from a distribution point of view, they are no
different
than regular kernel modules. Thus, allow request_module() logic to
load such
user mode helper (umh) modules via:
[,,]
I like this, but I have one request: can we make sure that this action
is visible in the system messages?
When we load a regular module, at least it shows in lsmod afterwards,
although I have a few times wanted to really see module load as an
event in the logs too.
When we load a module that just executes a user program, and there is
no sign of it in the module list, I think we *really* need to make
that event show to the admin some way.
.. and yes, maybe we'll need to rate-limit the messages, and maybe it
turns out that I'm entirely wrong and people will hate the messages
after they get used to the concept of these pseudo-modules, but
particularly for the early implementation when this is a new thing, I
really want a message like
executed user process xyz-abc as a pseudo-module
or something in dmesg.
I do *not* want this to be a magical way to hide things.
Especially early on, this makes a lot of sense. But I wanted to plug
bps and the hopefully growing set of bpf introspection tools:
https://github.com/iovisor/bcc/blob/master/introspection/bps_example.txt
Long term these are probably a good place to tell the admin what's going
on.
-chris
--
To unsubscribe from this list: send the line "unsubscribe linux-api" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
