From: Casey Schaufler <casey@schaufler-ca.com>
To: KP Singh <kpsingh@chromium.org>,
Linux Security Module list
<linux-security-module@vger.kernel.org>,
bpf@vger.kernel.org
Cc: Casey Schaufler <casey@schaufler-ca.com>
Subject: Re: [PATCH bpf-next v2 02/10] bpf: lsm: Add a skeleton and config options
Date: Wed, 15 Jan 2020 23:04:55 -0800 [thread overview]
Message-ID: <7b11f92b-259f-f2e1-924c-5c0518f49b3f@schaufler-ca.com> (raw)
In-Reply-To: <20200115171333.28811-3-kpsingh@chromium.org>
On 1/15/2020 9:13 AM, KP Singh wrote:
> From: KP Singh <kpsingh@google.com>
>
> The LSM can be enabled by CONFIG_SECURITY_BPF.
> Without CONFIG_SECURITY_BPF_ENFORCE, the LSM will run the
> attached eBPF programs but not enforce MAC policy based
> on the return value of the attached programs.
>
> Signed-off-by: KP Singh <kpsingh@google.com>
> ---
> MAINTAINERS | 7 +++++++
> security/Kconfig | 11 ++++++-----
> security/Makefile | 2 ++
> security/bpf/Kconfig | 22 ++++++++++++++++++++++
> security/bpf/Makefile | 5 +++++
> security/bpf/lsm.c | 25 +++++++++++++++++++++++++
> 6 files changed, 67 insertions(+), 5 deletions(-)
> create mode 100644 security/bpf/Kconfig
> create mode 100644 security/bpf/Makefile
> create mode 100644 security/bpf/lsm.c
>
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 66a2e5e07117..0941f478cfa5 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -3203,6 +3203,13 @@ S: Supported
> F: arch/x86/net/
> X: arch/x86/net/bpf_jit_comp32.c
>
> +BPF SECURITY MODULE
> +M: KP Singh <kpsingh@chromium.org>
> +L: linux-security-module@vger.kernel.org
> +L: bpf@vger.kernel.org
> +S: Maintained
> +F: security/bpf/
> +
> BROADCOM B44 10/100 ETHERNET DRIVER
> M: Michael Chan <michael.chan@broadcom.com>
> L: netdev@vger.kernel.org
> diff --git a/security/Kconfig b/security/Kconfig
> index 2a1a2d396228..6f1aab195e7d 100644
> --- a/security/Kconfig
> +++ b/security/Kconfig
> @@ -236,6 +236,7 @@ source "security/tomoyo/Kconfig"
> source "security/apparmor/Kconfig"
> source "security/loadpin/Kconfig"
> source "security/yama/Kconfig"
> +source "security/bpf/Kconfig"
> source "security/safesetid/Kconfig"
> source "security/lockdown/Kconfig"
>
> @@ -277,11 +278,11 @@ endchoice
>
> config LSM
> string "Ordered list of enabled LSMs"
> - default "lockdown,yama,loadpin,safesetid,integrity,smack,selinux,tomoyo,apparmor" if DEFAULT_SECURITY_SMACK
> - default "lockdown,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo" if DEFAULT_SECURITY_APPARMOR
> - default "lockdown,yama,loadpin,safesetid,integrity,tomoyo" if DEFAULT_SECURITY_TOMOYO
> - default "lockdown,yama,loadpin,safesetid,integrity" if DEFAULT_SECURITY_DAC
> - default "lockdown,yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"
> + default "lockdown,yama,loadpin,safesetid,integrity,smack,selinux,tomoyo,apparmor,bpf" if DEFAULT_SECURITY_SMACK
> + default "lockdown,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo,bpf" if DEFAULT_SECURITY_APPARMOR
> + default "lockdown,yama,loadpin,safesetid,integrity,tomoyo,bpf" if DEFAULT_SECURITY_TOMOYO
> + default "lockdown,yama,loadpin,safesetid,integrity,bpf" if DEFAULT_SECURITY_DAC
> + default "lockdown,yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor,bpf"
> help
> A comma-separated list of LSMs, in initialization order.
> Any LSMs left off this list will be ignored. This can be
> diff --git a/security/Makefile b/security/Makefile
> index be1dd9d2cb2f..50e6821dd7b7 100644
> --- a/security/Makefile
> +++ b/security/Makefile
> @@ -12,6 +12,7 @@ subdir-$(CONFIG_SECURITY_YAMA) += yama
> subdir-$(CONFIG_SECURITY_LOADPIN) += loadpin
> subdir-$(CONFIG_SECURITY_SAFESETID) += safesetid
> subdir-$(CONFIG_SECURITY_LOCKDOWN_LSM) += lockdown
> +subdir-$(CONFIG_SECURITY_BPF) += bpf
>
> # always enable default capabilities
> obj-y += commoncap.o
> @@ -29,6 +30,7 @@ obj-$(CONFIG_SECURITY_YAMA) += yama/
> obj-$(CONFIG_SECURITY_LOADPIN) += loadpin/
> obj-$(CONFIG_SECURITY_SAFESETID) += safesetid/
> obj-$(CONFIG_SECURITY_LOCKDOWN_LSM) += lockdown/
> +obj-$(CONFIG_SECURITY_BPF) += bpf/
> obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o
>
> # Object integrity file lists
> diff --git a/security/bpf/Kconfig b/security/bpf/Kconfig
> new file mode 100644
> index 000000000000..a5f6c67ae526
> --- /dev/null
> +++ b/security/bpf/Kconfig
> @@ -0,0 +1,22 @@
> +# SPDX-License-Identifier: GPL-2.0
> +#
> +# Copyright 2019 Google LLC.
> +
> +config SECURITY_BPF
> + bool "BPF-based MAC and audit policy"
> + depends on SECURITY
> + depends on BPF_SYSCALL
> + help
> + This enables instrumentation of the security hooks with
> + eBPF programs.
> +
> + If you are unsure how to answer this question, answer N.
> +
> +config SECURITY_BPF_ENFORCE
> + bool "Deny operations based on the evaluation of the attached programs"
> + depends on SECURITY_BPF
> + help
> + eBPF programs attached to hooks can be used for both auditing and
> + enforcement. Enabling enforcement implies that the evaluation result
> + from the attached eBPF programs will allow or deny the operation
> + guarded by the security hook.
> diff --git a/security/bpf/Makefile b/security/bpf/Makefile
> new file mode 100644
> index 000000000000..26a0ab6f99b7
> --- /dev/null
> +++ b/security/bpf/Makefile
> @@ -0,0 +1,5 @@
> +# SPDX-License-Identifier: GPL-2.0
> +#
> +# Copyright 2019 Google LLC.
> +
> +obj-$(CONFIG_SECURITY_BPF) := lsm.o
> diff --git a/security/bpf/lsm.c b/security/bpf/lsm.c
> new file mode 100644
> index 000000000000..5c5c14f990ce
> --- /dev/null
> +++ b/security/bpf/lsm.c
> @@ -0,0 +1,25 @@
> +// SPDX-License-Identifier: GPL-2.0
> +
> +/*
> + * Copyright 2019 Google LLC.
> + */
> +
> +#include <linux/lsm_hooks.h>
> +
> +/* This is only for internal hooks, always statically shipped as part of the
> + * BPF LSM. Statically defined hooks are appeneded to the security_hook_heads
> + * which is common for LSMs and R/O after init.
> + */
> +static struct security_hook_list lsm_hooks[] __lsm_ro_after_init = {};
s/lsm_hooks/bpf_hooks/
The lsm prefix is for the infrastructure. The way you have it is massively confusing.
> +
> +static int __init lsm_init(void)
s/lsm_init/bpf_init/
Same reason. When I'm looking at several security modules at once I
need to be able to tell them apart.
> +{
> + security_add_hooks(lsm_hooks, ARRAY_SIZE(lsm_hooks), "bpf");
> + pr_info("eBPF and LSM are friends now.\n");
Cute message, but not very informative if you haven't read the code.
"LSM support for eBPF active\n" is more likely to be comprehensible.
> + return 0;
> +}
> +
> +DEFINE_LSM(bpf) = {
> + .name = "bpf",
> + .init = lsm_init,
> +};
next prev parent reply other threads:[~2020-01-16 7:05 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-15 17:13 [PATCH bpf-next v2 00/10] MAC and Audit policy using eBPF (KRSI) KP Singh
2020-01-15 17:13 ` [PATCH bpf-next v2 01/10] bpf: btf: Make some of the API visible outside BTF KP Singh
2020-01-18 12:44 ` kbuild test robot
2020-01-18 12:44 ` kbuild test robot
2020-01-20 11:00 ` KP Singh
2020-01-20 11:00 ` KP Singh
2020-01-15 17:13 ` [PATCH bpf-next v2 02/10] bpf: lsm: Add a skeleton and config options KP Singh
2020-01-16 7:04 ` Casey Schaufler [this message]
2020-01-16 12:52 ` KP Singh
2020-01-15 17:13 ` [PATCH bpf-next v2 03/10] bpf: lsm: Introduce types for eBPF based LSM KP Singh
2020-01-15 17:13 ` [PATCH bpf-next v2 04/10] bpf: lsm: Add mutable hooks list for the BPF LSM KP Singh
2020-01-15 17:30 ` Stephen Smalley
2020-01-16 9:48 ` KP Singh
2020-01-16 6:33 ` Casey Schaufler
2020-01-16 10:19 ` KP Singh
2020-01-15 17:13 ` [PATCH bpf-next v2 05/10] bpf: lsm: BTF API for LSM hooks KP Singh
2020-01-17 0:28 ` Andrii Nakryiko
2020-01-20 11:10 ` KP Singh
2020-01-15 17:13 ` [PATCH bpf-next v2 06/10] bpf: lsm: Implement attach, detach and execution KP Singh
2020-01-15 17:24 ` Greg Kroah-Hartman
2020-01-16 9:45 ` KP Singh
2020-01-15 17:13 ` [PATCH bpf-next v2 07/10] bpf: lsm: Make the allocated callback RO+X KP Singh
2020-01-15 17:13 ` [PATCH bpf-next v2 08/10] tools/libbpf: Add support for BPF_PROG_TYPE_LSM KP Singh
2020-01-15 21:19 ` Andrii Nakryiko
2020-01-15 21:37 ` Andrii Nakryiko
2020-01-16 12:49 ` KP Singh
2020-01-16 17:26 ` KP Singh
2020-01-16 19:10 ` Andrii Nakryiko
2020-01-17 22:16 ` KP Singh
2020-01-15 17:13 ` [PATCH bpf-next v2 09/10] bpf: lsm: Add selftests " KP Singh
2020-01-15 17:13 ` [PATCH bpf-next v2 10/10] bpf: lsm: Add Documentation KP Singh
2020-01-15 22:12 ` [PATCH bpf-next v2 00/10] MAC and Audit policy using eBPF (KRSI) Andrii Nakryiko
2020-01-20 11:12 ` KP Singh
2020-01-16 10:03 ` Brendan Jackman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7b11f92b-259f-f2e1-924c-5c0518f49b3f@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=bpf@vger.kernel.org \
--cc=kpsingh@chromium.org \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.