Hi Christoph, > On Oct 14, 2024, at 11:42 PM, Christoph Hellwig <hch@xxxxxxxxxxxxx> wrote: > > On Tue, Oct 15, 2024 at 05:52:02AM +0000, Song Liu wrote: >>>> Do you mean user.* xattrs are untrusted (any user can set it), so we >>>> should not allow BPF programs to read them? Or do you mean xattr >>>> name "user.kfuncs" might be taken by some use space? >>> >>> All of the above. >> >> This is a selftest, "user.kfunc" is picked for this test. The kfuncs >> (bpf_get_[file|dentry]_xattr) can read any user.* xattrs. >> >> Reading untrusted xattrs from trust BPF LSM program can be useful. >> For example, we can sign a binary with private key, and save the >> signature in the xattr. Then the kernel can verify the signature >> and the binary matches the public key. > > I would expect that to be done through an actual privileged interface. > Taking an arbitrary name that was available for use by user space > programs for 20 years and now giving it a new meaning is not a good > idea. Agreed that using security.bpf xattrs are better for this use case. In fact, this patchset adds the support for security.bpf xattrs. Support for user.* xattrs were added last year. Thanks, Song
