[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <202003281449.333BDAF6@keescook>
Date: Sat, 28 Mar 2020 14:50:14 -0700
From: Kees Cook <keescook@...omium.org>
To: KP Singh <kpsingh@...omium.org>
Cc: Daniel Borkmann <daniel@...earbox.net>,
linux-kernel@...r.kernel.org, bpf@...r.kernel.org,
linux-security-module@...r.kernel.org,
Alexei Starovoitov <ast@...nel.org>,
James Morris <jmorris@...ei.org>, Paul Turner <pjt@...gle.com>,
Jann Horn <jannh@...gle.com>,
Florent Revest <revest@...omium.org>,
Brendan Jackman <jackmanb@...omium.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: Re: [PATCH bpf-next v8 0/8] MAC and Audit policy using eBPF (KRSI)
On Sat, Mar 28, 2020 at 08:56:36PM +0100, KP Singh wrote:
> Since the attachment succeeds and the hook does not get called, it
> seems like "bpf" LSM is not being initialized and the hook, although
> present, does not get called.
>
> This indicates that "bpf" is not in CONFIG_LSM. It should, however, be
> there by default as we added it to default value of CONFIG_LSM and
> also for other DEFAULT_SECURITY_* options.
>
> Let me know if that's the case and it fixes it.
Is the selftest expected to at least fail cleanly (i.e. not segfault)
when the BPF LSF is not built into the kernel?
--
Kees Cook
Powered by blists - more mailing lists