| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 20 Oct 2017 11:54:20 +1100 (AEDT)
From: James Morris <james.l.morris@...cle.com>
To: Chenbo Feng <chenbofeng.kernel@...il.com>
cc: netdev@...r.kernel.org, SELinux <Selinux@...ho.nsa.gov>,
linux-security-module@...r.kernel.org,
Jeffrey Vander Stoep <jeffv@...gle.com>,
Alexei Starovoitov <alexei.starovoitov@...il.com>,
lorenzo@...gle.com, Daniel Borkmann <daniel@...earbox.net>,
Stephen Smalley <sds@...ho.nsa.gov>,
Paul Moore <paul@...l-moore.com>,
Chenbo Feng <fengc@...gle.com>
Subject: Re: [PATCH net-next v7 3/5] security: bpf: Add LSM hooks for bpf
object related syscall
On Wed, 18 Oct 2017, Chenbo Feng wrote:
> From: Chenbo Feng <fengc@...gle.com>
>
> Introduce several LSM hooks for the syscalls that will allow the
> userspace to access to eBPF object such as eBPF programs and eBPF maps.
> The security check is aimed to enforce a per object security protection
> for eBPF object so only processes with the right priviliges can
> read/write to a specific map or use a specific eBPF program. Besides
> that, a general security hook is added before the multiplexer of bpf
> syscall to check the cmd and the attribute used for the command. The
> actual security module can decide which command need to be checked and
> how the cmd should be checked.
>
> Signed-off-by: Chenbo Feng <fengc@...gle.com>
Acked-by: James Morris <james.l.morris@...cle.com>
--
James Morris
<james.l.morris@...cle.com>
Powered by blists - more mailing lists