From: Kees Cook <keescook@chromium.org>
To: KP Singh <kpsingh@chromium.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>,
linux-kernel@vger.kernel.org, bpf@vger.kernel.org,
linux-security-module@vger.kernel.org,
Alexei Starovoitov <ast@kernel.org>,
James Morris <jmorris@namei.org>, Paul Turner <pjt@google.com>,
Jann Horn <jannh@google.com>,
Florent Revest <revest@chromium.org>,
Brendan Jackman <jackmanb@chromium.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: Re: [PATCH bpf-next v8 0/8] MAC and Audit policy using eBPF (KRSI)
Date: Sat, 28 Mar 2020 14:50:14 -0700 [thread overview]
Message-ID: <202003281449.333BDAF6@keescook> (raw)
In-Reply-To: <20200328195636.GA95544@google.com>
On Sat, Mar 28, 2020 at 08:56:36PM +0100, KP Singh wrote:
> Since the attachment succeeds and the hook does not get called, it
> seems like "bpf" LSM is not being initialized and the hook, although
> present, does not get called.
>
> This indicates that "bpf" is not in CONFIG_LSM. It should, however, be
> there by default as we added it to default value of CONFIG_LSM and
> also for other DEFAULT_SECURITY_* options.
>
> Let me know if that's the case and it fixes it.
Is the selftest expected to at least fail cleanly (i.e. not segfault)
when the BPF LSF is not built into the kernel?
--
Kees Cook
next prev parent reply other threads:[~2020-03-28 21:50 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-27 19:28 [PATCH bpf-next v8 0/8] MAC and Audit policy using eBPF (KRSI) KP Singh
2020-03-27 19:28 ` [PATCH bpf-next v8 1/8] bpf: Introduce BPF_PROG_TYPE_LSM KP Singh
2020-03-27 19:28 ` [PATCH bpf-next v8 2/8] security: Refactor declaration of LSM hooks KP Singh
2020-03-27 19:28 ` [PATCH bpf-next v8 3/8] bpf: lsm: provide attachment points for BPF LSM programs KP Singh
2020-03-27 19:28 ` [PATCH bpf-next v8 4/8] bpf: lsm: Implement attach, detach and execution KP Singh
2020-03-28 1:08 ` James Morris
2020-03-27 19:28 ` [PATCH bpf-next v8 5/8] bpf: lsm: Initialize the BPF LSM hooks KP Singh
2020-03-27 19:28 ` [PATCH bpf-next v8 6/8] tools/libbpf: Add support for BPF_PROG_TYPE_LSM KP Singh
2020-03-27 19:28 ` [PATCH bpf-next v8 7/8] bpf: lsm: Add selftests " KP Singh
2020-03-27 19:28 ` [PATCH bpf-next v8 8/8] bpf: lsm: Add Documentation KP Singh
2020-03-28 17:18 ` [PATCH bpf-next v8 0/8] MAC and Audit policy using eBPF (KRSI) Daniel Borkmann
2020-03-28 19:56 ` KP Singh
2020-03-28 21:50 ` Kees Cook [this message]
2020-03-28 22:30 ` KP Singh
2020-03-29 0:07 ` KP Singh
2020-03-29 0:15 ` Daniel Borkmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202003281449.333BDAF6@keescook \
--to=keescook@chromium.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=gregkh@linuxfoundation.org \
--cc=jackmanb@chromium.org \
--cc=jannh@google.com \
--cc=jmorris@namei.org \
--cc=kpsingh@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=pjt@google.com \
--cc=revest@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).