All of lore.kernel.org
 help / color / mirror / Atom feed
From: KP Singh <kpsingh@kernel.org>
To: Daniel Borkmann <daniel@iogearbox.net>
Cc: Paul Moore <paul@paul-moore.com>,
	Christian Brauner <brauner@kernel.org>,
	Frederick Lawler <fred@cloudflare.com>,
	Casey Schaufler <casey@schaufler-ca.com>,
	revest@chromium.org, jackmanb@chromium.org, ast@kernel.org,
	andrii@kernel.org, kafai@fb.com, songliubraving@fb.com,
	yhs@fb.com, john.fastabend@gmail.com, jmorris@namei.org,
	serge@hallyn.com, bpf@vger.kernel.org,
	linux-security-module@vger.kernel.org, netdev@vger.kernel.org,
	linux-kernel@vger.kernel.org, kernel-team@cloudflare.com
Subject: Re: [PATCH 0/2] Introduce security_create_user_ns()
Date: Tue, 28 Jun 2022 00:27:40 +0200	[thread overview]
Message-ID: <CACYkzJ5CfBmc8th0t5_URvr0eKcx7_knqyi6GoCpvSJfXdv6cQ@mail.gmail.com> (raw)
In-Reply-To: <6a8fba0a-c9c9-61ba-793a-c2e0c2924f88@iogearbox.net>

On Tue, Jun 28, 2022 at 12:15 AM Daniel Borkmann <daniel@iogearbox.net> wrote:
>
> On 6/27/22 11:56 PM, Paul Moore wrote:
> > On Mon, Jun 27, 2022 at 8:11 AM Christian Brauner <brauner@kernel.org> wrote:
> >> On Thu, Jun 23, 2022 at 11:21:37PM -0400, Paul Moore wrote:
> >
> > ...
> >
> >>> This is one of the reasons why I usually like to see at least one LSM
> >>> implementation to go along with every new/modified hook.  The
> >>> implementation forces you to think about what information is necessary
> >>> to perform a basic access control decision; sometimes it isn't always
> >>> obvious until you have to write the access control :)
> >>
> >> I spoke to Frederick at length during LSS and as I've been given to
> >> understand there's a eBPF program that would immediately use this new
> >> hook. Now I don't want to get into the whole "Is the eBPF LSM hook
> >> infrastructure an LSM" but I think we can let this count as a legitimate
> >> first user of this hook/code.
> >
> > Yes, for the most part I don't really worry about the "is a BPF LSM a
> > LSM?" question, it's generally not important for most discussions.
> > However, there is an issue unique to the BPF LSMs which I think is
> > relevant here: there is no hook implementation code living under
> > security/.  While I talked about a hook implementation being helpful
> > to verify the hook prototype, it is also helpful in providing an
> > in-tree example for other LSMs; unfortunately we don't get that same
> > example value when the initial hook implementation is a BPF LSM.
>
> I would argue that such a patch series must come together with a BPF
> selftest which then i) contains an in-tree usage example, ii) adds BPF
> CI test coverage. Shipping with a BPF selftest at least would be the
> usual expectation.

+1 I would also recommend that this comes with a BPF selftest as
suggested by Daniel.

>
> Thanks,
> Daniel

  reply	other threads:[~2022-06-27 22:28 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-06-21 23:39 [PATCH 0/2] Introduce security_create_user_ns() Frederick Lawler
2022-06-21 23:39 ` [PATCH 1/2] security, lsm: " Frederick Lawler
2022-06-21 23:39 ` [PATCH 2/2] bpf-lsm: Make bpf_lsm_create_user_ns() sleepable Frederick Lawler
2022-06-22  0:19 ` [PATCH 0/2] Introduce security_create_user_ns() Casey Schaufler
2022-06-22 14:24   ` Frederick Lawler
2022-06-22 15:26     ` Casey Schaufler
2022-06-22 15:26     ` Casey Schaufler
2022-06-24  3:21     ` Paul Moore
2022-06-27 12:11       ` Christian Brauner
2022-06-27 15:51         ` Frederick Lawler
2022-06-27 15:56           ` Christian Brauner
2022-06-27 17:24             ` Casey Schaufler
2022-06-27 22:13           ` Paul Moore
2022-06-27 21:56         ` Paul Moore
2022-06-27 22:15           ` Daniel Borkmann
2022-06-27 22:27             ` KP Singh [this message]
2022-06-27 22:27             ` Paul Moore
2022-06-27 23:18               ` Casey Schaufler
2022-06-28 15:14                 ` Frederick Lawler
2022-06-28 16:02                   ` Casey Schaufler
2022-06-28 16:12                     ` KP Singh
2022-06-28 16:44                       ` Frederick Lawler
2022-06-28 15:11             ` Frederick Lawler
2022-06-28 15:13               ` Paul Moore
2022-06-30 18:28     ` Eric W. Biederman
2022-07-01  3:47       ` Frederick Lawler

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CACYkzJ5CfBmc8th0t5_URvr0eKcx7_knqyi6GoCpvSJfXdv6cQ@mail.gmail.com \
    --to=kpsingh@kernel.org \
    --cc=andrii@kernel.org \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=brauner@kernel.org \
    --cc=casey@schaufler-ca.com \
    --cc=daniel@iogearbox.net \
    --cc=fred@cloudflare.com \
    --cc=jackmanb@chromium.org \
    --cc=jmorris@namei.org \
    --cc=john.fastabend@gmail.com \
    --cc=kafai@fb.com \
    --cc=kernel-team@cloudflare.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=paul@paul-moore.com \
    --cc=revest@chromium.org \
    --cc=serge@hallyn.com \
    --cc=songliubraving@fb.com \
    --cc=yhs@fb.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.