Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf
From: Christian Brauner <christian.brauner@xxxxxxxxxx>
Date: Sat, 17 Aug 2019 17:16:53 +0200
Cc: Andy Lutomirski <luto@xxxxxxxxxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>, Song Liu <songliubraving@xxxxxx>, Networking <netdev@xxxxxxxxxxxxxxx>, bpf <bpf@xxxxxxxxxxxxxxx>, Alexei Starovoitov <ast@xxxxxxxxxx>, Daniel Borkmann <daniel@xxxxxxxxxxxxx>, Kernel Team <Kernel-team@xxxxxx>, Lorenz Bauer <lmb@xxxxxxxxxxxxxx>, Jann Horn <jannh@xxxxxxxxxx>, Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>, Linux API <linux-api@xxxxxxxxxxxxxxx>, LSM List <linux-security-module@xxxxxxxxxxxxxxx>
In-reply-to: <20190817150843.4vsmzpwpcvzndjld@ast-mbp>
References: <20190805192122.laxcaz75k4vxdspn@ast-mbp> <CALCETrVtPs8gY-H4gmzSqPboid3CB++n50SvYd6RU9YVde_-Ow@mail.gmail.com> <20190806011134.p5baub5l3t5fkmou@ast-mbp> <CALCETrXEHL3+NAY6P6vUj7Pvd9ZpZsYC6VCLXOaNxb90a_POGw@mail.gmail.com> <20190813215823.3sfbakzzjjykyng2@ast-mbp> <201908151203.FE87970@keescook> <20190815234622.t65oxm5mtfzy6fhg@ast-mbp.dhcp.thefacebook.com> <B0364660-AD6A-4E5C-B04F-3B6DA78B4BBE@amacapital.net> <20190816214542.inpt6p655whc2ejw@ast-mbp.dhcp.thefacebook.com> <20190816222252.a7zizw7azkxnv3ot@wittgenstein> <20190817150843.4vsmzpwpcvzndjld@ast-mbp>
Reply-to: christian.brauner@xxxxxxxxxx
User-agent: K-9 Mail for Android

On August 17, 2019 5:08:45 PM GMT+02:00, Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx> wrote:
>On Sat, Aug 17, 2019 at 12:22:53AM +0200, Christian Brauner wrote:
>> 
>> (The one usecase I'd care about is to extend seccomp to do
>pointer-based
>> syscall filtering. Whether or not that'd require (unprivileged) ebpf
>is
>> up for discussion at KSummit.)
>
>Kees have been always against using ebpf in seccomp. I believe he still
>holds this opinion. Until he changes his mind let's stop bringing
>seccomp
>as a use case for unpriv bpf.

That's why I said "whether or not".
For the record, I do prefer a non-unpriv-ebpf way.
It's still something that will most surely come up in the discussion though.

Follow-Ups:
- Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf
  - From: Alexei Starovoitov

References:
- Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf
  - From: Alexei Starovoitov
- Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf
  - From: Andy Lutomirski
- Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf
  - From: Alexei Starovoitov
- Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf
  - From: Andy Lutomirski
- Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf
  - From: Alexei Starovoitov
- Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf
  - From: Kees Cook
- Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf
  - From: Alexei Starovoitov
- Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf
  - From: Andy Lutomirski
- Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf
  - From: Alexei Starovoitov
- Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf
  - From: Christian Brauner
- Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf
  - From: Alexei Starovoitov

Prev by Date: Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf
Next by Date: Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf
Previous by thread: Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf
Next by thread: Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf
Index(es):
- Date
- Thread

[Index of Archives] [Linux USB Devel] [Video for Linux] [Linux Audio Users] [Yosemite News] [Linux Kernel] [Linux SCSI]