Re: Permissions for eBPF objects

2017-08-29 Thread Mickaël Salaün
On 29/08/2017 03:44, Chenbo Feng wrote: > On Mon, Aug 28, 2017 at 6:15 PM, Alexei Starovoitov > wrote: >> On Mon, Aug 28, 2017 at 05:47:19PM -0700, Chenbo Feng wrote: >>> On Fri, Aug 25, 2017 at 6:03 PM, Alexei Starovoitov >>> wrote: On Fri, Aug 25, 2017 at 10:07:27PM +0200, Daniel Borkmann

Re: Permissions for eBPF objects

2017-08-28 Thread Chenbo Feng
On Mon, Aug 28, 2017 at 6:15 PM, Alexei Starovoitov wrote: > On Mon, Aug 28, 2017 at 05:47:19PM -0700, Chenbo Feng wrote: >> On Fri, Aug 25, 2017 at 6:03 PM, Alexei Starovoitov >> wrote: >> > On Fri, Aug 25, 2017 at 10:07:27PM +0200, Daniel Borkmann wrote: >> >> On 08/25/2017 09:52 PM, Chenbo Fen

Re: Permissions for eBPF objects

2017-08-28 Thread Alexei Starovoitov
On Mon, Aug 28, 2017 at 05:47:19PM -0700, Chenbo Feng wrote: > On Fri, Aug 25, 2017 at 6:03 PM, Alexei Starovoitov > wrote: > > On Fri, Aug 25, 2017 at 10:07:27PM +0200, Daniel Borkmann wrote: > >> On 08/25/2017 09:52 PM, Chenbo Feng wrote: > >> > On Fri, Aug 25, 2017 at 12:45 PM, Jeffrey Vander S

Re: Permissions for eBPF objects

2017-08-28 Thread Chenbo Feng
On Fri, Aug 25, 2017 at 6:03 PM, Alexei Starovoitov wrote: > On Fri, Aug 25, 2017 at 10:07:27PM +0200, Daniel Borkmann wrote: >> On 08/25/2017 09:52 PM, Chenbo Feng wrote: >> > On Fri, Aug 25, 2017 at 12:45 PM, Jeffrey Vander Stoep >> > wrote: >> > > On Fri, Aug 25, 2017 at 12:26 PM, Stephen Sma

Re: Permissions for eBPF objects

2017-08-25 Thread Alexei Starovoitov
On Fri, Aug 25, 2017 at 10:07:27PM +0200, Daniel Borkmann wrote: > On 08/25/2017 09:52 PM, Chenbo Feng wrote: > > On Fri, Aug 25, 2017 at 12:45 PM, Jeffrey Vander Stoep > > wrote: > > > On Fri, Aug 25, 2017 at 12:26 PM, Stephen Smalley > > > wrote: > > > > On Fri, 2017-08-25 at 11:01 -0700, Jef

Re: Permissions for eBPF objects

2017-08-25 Thread Chenbo Feng
On Fri, Aug 25, 2017 at 1:40 PM, Stephen Smalley wrote: > On Fri, 2017-08-25 at 12:52 -0700, Chenbo Feng via Selinux wrote: >> On Fri, Aug 25, 2017 at 12:45 PM, Jeffrey Vander Stoep wrote: >> > On Fri, Aug 25, 2017 at 12:26 PM, Stephen Smalley wrote: >> > > On Fri, 2017-08-25 at 11:0

Re: Permissions for eBPF objects

2017-08-25 Thread Stephen Smalley
On Fri, 2017-08-25 at 12:52 -0700, Chenbo Feng via Selinux wrote: > On Fri, Aug 25, 2017 at 12:45 PM, Jeffrey Vander Stoep wrote: > > On Fri, Aug 25, 2017 at 12:26 PM, Stephen Smalley wrote: > > > On Fri, 2017-08-25 at 11:01 -0700, Jeffrey Vander Stoep via > > > Selinux > > > wrote: > >

Re: Permissions for eBPF objects

2017-08-25 Thread Daniel Borkmann
On 08/25/2017 09:52 PM, Chenbo Feng wrote: On Fri, Aug 25, 2017 at 12:45 PM, Jeffrey Vander Stoep wrote: On Fri, Aug 25, 2017 at 12:26 PM, Stephen Smalley wrote: On Fri, 2017-08-25 at 11:01 -0700, Jeffrey Vander Stoep via Selinux wrote: I’d like to get your thoughts on adding LSM permission

Re: Permissions for eBPF objects

2017-08-25 Thread Casey Schaufler
Adding the LSM list to the thread. On 8/25/2017 11:01 AM, Jeffrey Vander Stoep via Selinux wrote: > I’d like to get your thoughts on adding LSM permission checks on BPF objects. Aside from the use of these objects requiring privilege, what sort of controls do you think might be reasonable? Who "o

Re: Permissions for eBPF objects

2017-08-25 Thread Chenbo Feng
On Fri, Aug 25, 2017 at 12:45 PM, Jeffrey Vander Stoep wrote: > On Fri, Aug 25, 2017 at 12:26 PM, Stephen Smalley wrote: >> On Fri, 2017-08-25 at 11:01 -0700, Jeffrey Vander Stoep via Selinux >> wrote: >>> I’d like to get your thoughts on adding LSM permission checks on BPF >>> objects. >>> >>> B

Re: Permissions for eBPF objects

2017-08-25 Thread Jeffrey Vander Stoep
On Fri, Aug 25, 2017 at 12:26 PM, Stephen Smalley wrote: > On Fri, 2017-08-25 at 11:01 -0700, Jeffrey Vander Stoep via Selinux > wrote: >> I’d like to get your thoughts on adding LSM permission checks on BPF >> objects. >> >> By default, the ability to create and use eBPF maps/programs requires >>

Re: Permissions for eBPF objects

2017-08-25 Thread Stephen Smalley
On Fri, 2017-08-25 at 11:01 -0700, Jeffrey Vander Stoep via Selinux wrote: > I’d like to get your thoughts on adding LSM permission checks on BPF > objects. > > By default, the ability to create and use eBPF maps/programs requires > CAP_SYS_ADMIN [1]. Alternatively, all processes can be granted ac

Permissions for eBPF objects

2017-08-25 Thread Jeffrey Vander Stoep
I’d like to get your thoughts on adding LSM permission checks on BPF objects. By default, the ability to create and use eBPF maps/programs requires CAP_SYS_ADMIN [1]. Alternatively, all processes can be granted access to bpf() functions. This seems like poor granularity. [2] Like files and socket