| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87imho3kiz.fsf@toke.dk>
Date: Fri, 24 Apr 2020 18:39:48 +0200
From: Toke Høiland-Jørgensen <toke@...hat.com>
To: Andrii Nakryiko <andrii.nakryiko@...il.com>
Cc: Andrii Nakryiko <andriin@...com>, bpf <bpf@...r.kernel.org>,
Networking <netdev@...r.kernel.org>,
Alexei Starovoitov <ast@...com>,
Daniel Borkmann <daniel@...earbox.net>,
Kernel Team <kernel-team@...com>
Subject: Re: [PATCH bpf-next 00/10] bpf_link observability APIs
Andrii Nakryiko <andrii.nakryiko@...il.com> writes:
> On Fri, Apr 24, 2020 at 4:40 AM Toke Høiland-Jørgensen <toke@...hat.com> wrote:
>>
>> Andrii Nakryiko <andriin@...com> writes:
>>
>> > This patch series adds various observability APIs to bpf_link:
>> > - each bpf_link now gets ID, similar to bpf_map and bpf_prog, by which
>> > user-space can iterate over all existing bpf_links and create limited FD
>> > from ID;
>> > - allows to get extra object information with bpf_link general and
>> > type-specific information;
>> > - implements `bpf link show` command which lists all active bpf_links in the
>> > system;
>> > - implements `bpf link pin` allowing to pin bpf_link by ID or from other
>> > pinned path.
>> >
>> > rfc->v1:
>> > - dropped read-only bpf_links (Alexei);
>>
>> Just to make sure I understand this right: With this change, the
>> GET_FD_BY_ID operation will always return a r/w bpf_link fd that can
>> subsequently be used to detach the link? And you're doing the 'access
>> limiting' by just requiring CAP_SYS_ADMIN for the whole thing. Right? :)
>
> Right.
Great! SGTM; thanks for confirming :)
-Toke
Powered by blists - more mailing lists