Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names

From: Christoph Hellwig
Date: Thu Oct 17 2024 - 11:04:01 EST

Next message: Shyam Sundar S K: "[PATCH 0/6] Introduce initial support for the AMD I3C (non-HCI) to DW driver"
Previous message: David Hildenbrand: "Re: [RFC PATCH 26/39] KVM: guest_memfd: Track faultability within a struct kvm_gmem_private"
In reply to: Song Liu: "Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names"
Next in thread: Christian Brauner: "Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Oct 16, 2024 at 04:51:37PM +0200, Christian Brauner wrote:
> >
> > I think that getting user.* xattrs from bpf hooks can still be useful for
> > introspection and other tasks so I'm not convinced we should revert that
> > functionality but maybe it is too easy to misuse? I'm not really decided.
>
> Reading user.* xattr is fine. If an LSM decides to built a security
> model around it then imho that's their business and since that happens
> in out-of-tree LSM programs: shrug.

By that argument user.kfuncs is even more useless as just being able
to read all xattrs should be just as fine.

Next message: Shyam Sundar S K: "[PATCH 0/6] Introduce initial support for the AMD I3C (non-HCI) to DW driver"
Previous message: David Hildenbrand: "Re: [RFC PATCH 26/39] KVM: guest_memfd: Track faultability within a struct kvm_gmem_private"
In reply to: Song Liu: "Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names"
Next in thread: Christian Brauner: "Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]