[prev in list] [next in list] [prev in thread] [next in thread] 

List:       selinux
Subject:    Re: [PATCH net-next v7 3/5] security: bpf: Add LSM hooks for bpf object related syscall
From:       James Morris <james.l.morris () oracle ! com>
Date:       2017-10-20 0:54:20
Message-ID: alpine.LFD.2.20.1710201153050.11171 () t440 ! gateway ! 2wire ! net
[Download RAW message or body]

On Wed, 18 Oct 2017, Chenbo Feng wrote:

> From: Chenbo Feng <fengc@google.com>
> 
> Introduce several LSM hooks for the syscalls that will allow the
> userspace to access to eBPF object such as eBPF programs and eBPF maps.
> The security check is aimed to enforce a per object security protection
> for eBPF object so only processes with the right priviliges can
> read/write to a specific map or use a specific eBPF program. Besides
> that, a general security hook is added before the multiplexer of bpf
> syscall to check the cmd and the attribute used for the command. The
> actual security module can decide which command need to be checked and
> how the cmd should be checked.
> 
> Signed-off-by: Chenbo Feng <fengc@google.com>


Acked-by: James Morris <james.l.morris@oracle.com>

-- 
James Morris
<james.l.morris@oracle.com>


[prev in list] [next in list] [prev in thread] [next in thread]