| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 9 Oct 2023 18:53:40 -0400 From: Paul Moore <paul@...l-moore.com> To: Andrii Nakryiko <andrii.nakryiko@...il.com> Cc: Christian Brauner <brauner@...nel.org>, Andrii Nakryiko <andrii@...nel.org>, bpf@...r.kernel.org, netdev@...r.kernel.org, linux-fsdevel@...r.kernel.org, linux-security-module@...r.kernel.org, keescook@...omium.org, lennart@...ttering.net, kernel-team@...a.com, sargun@...gun.me Subject: Re: [PATCH v5 bpf-next 03/13] bpf: introduce BPF token object On Wed, Sep 27, 2023 at 12:03 PM Andrii Nakryiko <andrii.nakryiko@...il.com> wrote: > On Wed, Sep 27, 2023 at 2:52 AM Christian Brauner <brauner@...nel.org> wrote: ... > > IOW, everything stays the same apart from the fact that bpf token fds > > are actually file descriptors referring to a detached bpffs file instead > > of an anonymous inode file. IOW, bpf tokens are actual bpffs objects > > tied to a bpffs instance. > > Ah, ok, this is a much smaller change than what I was about to make. > I'm glad I asked and thanks for elaborating! I'll use > alloc_file_pseudo() using bpffs mount in the next revision. Just a FYI, I'm still looking at v6 now, but moving from an anon_inode to a bpffs inode may mean we need to drop a LSM hook in bpf_token_create() to help mark the inode as a BPF token. Not a big deal either way, and I think it makes sense to use a bpffs inode as opposed to an anonymous inode, just wanted to let you know. -- paul-moore.com
Powered by blists - more mailing lists