Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names

From: Christian Brauner
Date: Mon Oct 21 2024 - 09:24:55 EST

Next message: AngeloGioacchino Del Regno: "Re: [PATCH 6/6] Input: mtk-pmic-keys - Add support for MT6328"
Previous message: Ian Dannapel: "Re: [PATCH 1/3] fpga: Add Efinix Trion & Titanium serial SPI programming driver"
In reply to: Christoph Hellwig: "Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names"
Next in thread: Christoph Hellwig: "Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Oct 17, 2024 at 08:03:51AM -0700, Christoph Hellwig wrote:
> On Wed, Oct 16, 2024 at 04:51:37PM +0200, Christian Brauner wrote:
> > >
> > > I think that getting user.* xattrs from bpf hooks can still be useful for
> > > introspection and other tasks so I'm not convinced we should revert that
> > > functionality but maybe it is too easy to misuse? I'm not really decided.
> >
> > Reading user.* xattr is fine. If an LSM decides to built a security
> > model around it then imho that's their business and since that happens
> > in out-of-tree LSM programs: shrug.
>
> By that argument user.kfuncs is even more useless as just being able
> to read all xattrs should be just as fine.

bpf shouldn't read security.* of another LSM or a host of other examples...

Next message: AngeloGioacchino Del Regno: "Re: [PATCH 6/6] Input: mtk-pmic-keys - Add support for MT6328"
Previous message: Ian Dannapel: "Re: [PATCH 1/3] fpga: Add Efinix Trion & Titanium serial SPI programming driver"
In reply to: Christoph Hellwig: "Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names"
Next in thread: Christoph Hellwig: "Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]