lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 11 Feb 2017 18:14:12 +0100 From: Daniel Borkmann <daniel@...earbox.net> To: Alexei Starovoitov <ast@...com>, "David S . Miller" <davem@...emloft.net> CC: David Ahern <dsa@...ulusnetworks.com>, Daniel Mack <daniel@...que.org>, Tejun Heo <tj@...nel.org>, Andy Lutomirski <luto@...capital.net>, netdev@...r.kernel.org Subject: Re: [PATCH v2 net] bpf: introduce BPF_F_ALLOW_OVERRIDE flag On 02/11/2017 05:28 AM, Alexei Starovoitov wrote: > If BPF_F_ALLOW_OVERRIDE flag is used in BPF_PROG_ATTACH command > to the given cgroup the descendent cgroup will be able to override > effective bpf program that was inherited from this cgroup. > By default it's not passed, therefore override is disallowed. > > Examples: > 1. > prog X attached to /A with default > prog Y fails to attach to /A/B and /A/B/C > Everything under /A runs prog X > > 2. > prog X attached to /A with allow_override. > prog Y fails to attach to /A/B with default (non-override) > prog M attached to /A/B with allow_override. > Everything under /A/B runs prog M only. > > 3. > prog X attached to /A with allow_override. > prog Y fails to attach to /A with default. > The user has to detach first to switch the mode. > > In the future this behavior may be extended with a chain of > non-overridable programs. > > Also fix the bug where detach from cgroup where nothing is attached > was not throwing error. Return ENOENT in such case. > > Add several testcases and adjust libbpf. > > Fixes: 3007098494be ("cgroup: add support for eBPF programs") > Signed-off-by: Alexei Starovoitov <ast@...nel.org> Seems ok from my side: Acked-by: Daniel Borkmann <daniel@...earbox.net>
Powered by blists - more mailing lists