Re: [RFC PATCH security-next 0/4] Introducing Hornet LSM

From: Jarkko Sakkinen
Date: Sat Mar 22 2025 - 13:22:22 EST


On Fri, Mar 21, 2025 at 09:45:02AM -0700, Blaise Boscaccy wrote:
> This patch series introduces the Hornet LSM.
>
> Hornet takes a simple approach to light-skeleton-based eBPF signature

Can you define "light-skeleton-based" before using the term?

This is the first time in my life that I have heard of it.

> verification. Signature data can be easily generated for the binary

s/easily//

Useless word having no measure.

> data that is generated via bpftool gen -L. This signature can be

I have no idea what that command does.

"Signature data can be generated for the binary data as follows:

bpftool gen -L

<explanation>"

Here you'd need to answer a couple of unknowns:

1. What, in exact terms, is "signature data"?
2. What does "bpftool gen -L" do?

This feedback maps to other examples in the cover letter too.

BR, Jarkko