> > This discussion would probably be a lot shorter if this series were sent
> > with a proper explanation of how this is supposed to work and what it's
> > used for.
>
> It's currently scoped to BPF LSM (albeit limited to LSM for now)
> but it won't just be used in LSM programs but some (allow-listed)
> tracing programs too.
>

KP,

Without taking sides in the discussion about the security aspect of
bpf_getxattr(), I wanted to say that we have plans to add BPF hooks for
fanotify event filters, and AFAIK Alessio's team is working on adding BPF
hooks for FUSE bypass decisions.

In both those cases, being able to tag files with some xattr and use that
as part of the criteria in the hook would be very useful IMO, but I don't
think that it should be a problem to limit the scope of the allowed
namespace to security.bpf.* for these use cases.

Thanks,
Amir.