Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names

From: Christoph Hellwig
Date: Wed Oct 23 2024 - 02:45:43 EST

Next message: Masahiro Yamada: "Re: [PATCH v4 1/6] Add AutoFDO support for Clang build"
Previous message: Danilo Krummrich: "Re: [PATCH v3 15/16] rust: platform: add basic platform device / driver abstractions"
In reply to: Christian Brauner: "Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Oct 21, 2024 at 03:24:30PM +0200, Christian Brauner wrote:
> On Thu, Oct 17, 2024 at 08:03:51AM -0700, Christoph Hellwig wrote:
> > On Wed, Oct 16, 2024 at 04:51:37PM +0200, Christian Brauner wrote:
> > > >
> > > > I think that getting user.* xattrs from bpf hooks can still be useful for
> > > > introspection and other tasks so I'm not convinced we should revert that
> > > > functionality but maybe it is too easy to misuse? I'm not really decided.
> > >
> > > Reading user.* xattr is fine. If an LSM decides to built a security
> > > model around it then imho that's their business and since that happens
> > > in out-of-tree LSM programs: shrug.
> >
> > By that argument user.kfuncs is even more useless as just being able
> > to read all xattrs should be just as fine.
>
> bpf shouldn't read security.* of another LSM or a host of other examples...

Sorry if I was unclear, but this was all about user.*.

Next message: Masahiro Yamada: "Re: [PATCH v4 1/6] Add AutoFDO support for Clang build"
Previous message: Danilo Krummrich: "Re: [PATCH v3 15/16] rust: platform: add basic platform device / driver abstractions"
In reply to: Christian Brauner: "Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]