| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20231218165513.24717ec1@kernel.org> Date: Mon, 18 Dec 2023 16:55:13 -0800 From: Jakub Kicinski <kuba@...nel.org> To: torvalds@...uxfoundation.org Cc: Alexei Starovoitov <alexei.starovoitov@...il.com>, davem@...emloft.net, edumazet@...gle.com, pabeni@...hat.com, daniel@...earbox.net, andrii@...nel.org, peterz@...radead.org, brauner@...nel.org, netdev@...r.kernel.org, bpf@...r.kernel.org, kernel-team@...com, linux-kernel@...r.kernel.org Subject: Re: pull-request: bpf-next 2023-12-18 On Mon, 18 Dec 2023 16:05:20 -0800 Alexei Starovoitov wrote: > 2) Introduce BPF token object, from Andrii Nakryiko. > It adds an ability to delegate a subset of BPF features from privileged daemon > (e.g., systemd) through special mount options for userns-bound BPF FS to a > trusted unprivileged application. The design accommodates suggestions from > Christian Brauner and Paul Moore. > Example: > $ sudo mkdir -p /sys/fs/bpf/token > $ sudo mount -t bpf bpffs /sys/fs/bpf/token \ > -o delegate_cmds=prog_load:MAP_CREATE \ > -o delegate_progs=kprobe \ > -o delegate_attachs=xdp LGTM, but what do I know about file systems.. Adding LKML to the CC list, if anyone has any late comments on the BPF token come forward now, petty please?
Powered by blists - more mailing lists