Re: [PATCH RFC bpf-next 0/4] audit: Expose audit subsystem to BPF LSM programs via BPF kfuncs

Next message: Stefano Stabellini: "Re: [PATCH] xen/arm: Replace __ASSEMBLY__ with __ASSEMBLER__ in interface.h"
Previous message: Gregory Price: "Re: [PATCH V10 00/10] famfs: port into fuse"
In reply to: Paul Moore: "Re: [PATCH RFC bpf-next 0/4] audit: Expose audit subsystem to BPF LSM programs via BPF kfuncs"
Next in thread: Paul Moore: "Re: [PATCH RFC bpf-next 0/4] audit: Expose audit subsystem to BPF LSM programs via BPF kfuncs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Alexei Starovoitov

Date: Tue Apr 21 2026 - 18:17:03 EST

On Tue, Apr 21, 2026 at 3:10 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
>
>
> > It's still Nack.
>
> Based solely on the diffstat and a quick look, this appears to be an
> LSM patchset, not necessarily a BPF patchset; yes, there are kfuncs,
> but they are LSM/audit kfuncs and not core BPF functionality.
> Regardless, I want to see how the LSS presentation is received before
> worrying about this too much, but your NACK has been noted.

Paul,

told you countless times LSM cannot touch BPF bits without
explicit Ack.

So, no, you cannot add bpf kfuncs in random places in the kernel
And, no, you cannot call bpf internals through bpf_map_ops, etc.