From: Paul Moore <paul@paul-moore.com>
To: Andrii Nakryiko <andrii@kernel.org>, <bpf@vger.kernel.org>,
<netdev@vger.kernel.org>
Cc: <linux-fsdevel@vger.kernel.org>,
<linux-security-module@vger.kernel.org>, <keescook@chromium.org>,
<brauner@kernel.org>, <lennart@poettering.net>,
<kernel-team@meta.com>, <sargun@sargun.me>
Subject: Re: [PATCH v7 11/18] bpf,lsm: add bpf_token_create and bpf_token_free LSM hooks
Date: Fri, 13 Oct 2023 17:15:38 -0400 [thread overview]
Message-ID: <91ed4874a98b620dfa2bd6fe2966f8a7.paul@paul-moore.com> (raw)
In-Reply-To: <20231012222810.4120312-12-andrii@kernel.org>
On Oct 12, 2023 Andrii Nakryiko <andrii@kernel.org> wrote:
>
> Wire up bpf_token_create and bpf_token_free LSM hooks, which allow to
> allocate LSM security blob (we add `void *security` field to struct
> bpf_token for that), but also control who can instantiate BPF token.
> This follows existing pattern for BPF map and BPF prog.
>
> Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
> ---
> include/linux/bpf.h | 3 +++
> include/linux/lsm_hook_defs.h | 3 +++
> include/linux/security.h | 11 +++++++++++
> kernel/bpf/bpf_lsm.c | 2 ++
> kernel/bpf/token.c | 6 ++++++
> security/security.c | 28 ++++++++++++++++++++++++++++
> 6 files changed, 53 insertions(+)
...
> diff --git a/kernel/bpf/token.c b/kernel/bpf/token.c
> index d4e0cc8075d3..18fd1e04f92d 100644
> --- a/kernel/bpf/token.c
> +++ b/kernel/bpf/token.c
> @@ -7,6 +7,7 @@
> #include <linux/idr.h>
> #include <linux/namei.h>
> #include <linux/user_namespace.h>
> +#include <linux/security.h>
>
> bool bpf_token_capable(const struct bpf_token *token, int cap)
> {
> @@ -28,6 +29,7 @@ void bpf_token_inc(struct bpf_token *token)
>
> static void bpf_token_free(struct bpf_token *token)
> {
> + security_bpf_token_free(token);
> put_user_ns(token->userns);
> kvfree(token);
> }
> @@ -183,6 +185,10 @@ int bpf_token_create(union bpf_attr *attr)
> token->allowed_progs = mnt_opts->delegate_progs;
> token->allowed_attachs = mnt_opts->delegate_attachs;
>
> + err = security_bpf_token_create(token, attr, &path);
> + if (err)
> + goto out_token;
> +
> fd = get_unused_fd_flags(O_CLOEXEC);
> if (fd < 0) {
> err = fd;
As long as bpf_token_alloc() remains separate from bpf_token_create()
I'm not comfortable not having a security_bpf_token_alloc() hook in
bpf_token_alloc(). If you really don't want a LSM token alloc hook
can you fold bpf_token_alloc() into bpf_token_create()?
--
paul-moore.com
next prev parent reply other threads:[~2023-10-13 21:15 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-12 22:27 [PATCH v7 bpf-next 00/18] BPF token and BPF FS-based delegation Andrii Nakryiko
2023-10-12 22:27 ` [PATCH v7 bpf-next 01/18] bpf: align CAP_NET_ADMIN checks with bpf_capable() approach Andrii Nakryiko
2023-10-12 22:27 ` [PATCH v7 bpf-next 02/18] bpf: add BPF token delegation mount options to BPF FS Andrii Nakryiko
2023-10-12 22:27 ` [PATCH v7 bpf-next 03/18] bpf: introduce BPF token object Andrii Nakryiko
2023-10-12 22:27 ` [PATCH v7 bpf-next 04/18] bpf: add BPF token support to BPF_MAP_CREATE command Andrii Nakryiko
2023-10-12 22:27 ` [PATCH v7 bpf-next 05/18] bpf: add BPF token support to BPF_BTF_LOAD command Andrii Nakryiko
2023-10-12 22:27 ` [PATCH v7 bpf-next 06/18] bpf: add BPF token support to BPF_PROG_LOAD command Andrii Nakryiko
2023-10-13 21:15 ` [PATCH v7 6/18] " Paul Moore
2023-10-13 21:55 ` Andrii Nakryiko
2023-10-12 22:27 ` [PATCH v7 bpf-next 07/18] bpf: take into account BPF token when fetching helper protos Andrii Nakryiko
2023-10-12 22:28 ` [PATCH v7 bpf-next 08/18] bpf: consistenly use BPF token throughout BPF verifier logic Andrii Nakryiko
2023-10-12 22:28 ` [PATCH v7 bpf-next 09/18] bpf,lsm: refactor bpf_prog_alloc/bpf_prog_free LSM hooks Andrii Nakryiko
2023-10-12 22:28 ` [PATCH v7 bpf-next 10/18] bpf,lsm: refactor bpf_map_alloc/bpf_map_free " Andrii Nakryiko
2023-10-12 22:28 ` [PATCH v7 bpf-next 11/18] bpf,lsm: add bpf_token_create and bpf_token_free " Andrii Nakryiko
2023-10-13 21:15 ` Paul Moore [this message]
2023-10-13 21:55 ` [PATCH v7 " Andrii Nakryiko
2023-10-12 22:28 ` [PATCH v7 bpf-next 12/18] libbpf: add bpf_token_create() API Andrii Nakryiko
2023-10-12 22:28 ` [PATCH v7 bpf-next 13/18] selftests/bpf: fix test_maps' use of bpf_map_create_opts Andrii Nakryiko
2023-10-12 22:28 ` [PATCH v7 bpf-next 14/18] libbpf: add BPF token support to bpf_map_create() API Andrii Nakryiko
2023-10-12 22:28 ` [PATCH v7 bpf-next 15/18] libbpf: add BPF token support to bpf_btf_load() API Andrii Nakryiko
2023-10-12 22:28 ` [PATCH v7 bpf-next 16/18] libbpf: add BPF token support to bpf_prog_load() API Andrii Nakryiko
2023-10-12 22:28 ` [PATCH v7 bpf-next 17/18] selftests/bpf: add BPF token-enabled tests Andrii Nakryiko
2023-10-12 22:28 ` [PATCH v7 bpf-next 18/18] bpf,selinux: allocate bpf_security_struct per BPF token Andrii Nakryiko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=91ed4874a98b620dfa2bd6fe2966f8a7.paul@paul-moore.com \
--to=paul@paul-moore.com \
--cc=andrii@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=brauner@kernel.org \
--cc=keescook@chromium.org \
--cc=kernel-team@meta.com \
--cc=lennart@poettering.net \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=sargun@sargun.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.