From: "Mickaël Salaün" <mic@digikod.net>
To: Paul Moore <paul@paul-moore.com>
Cc: ast@kernel.org, daniel@iogearbox.net, kpsingh@kernel.org,
john.fastabend@gmail.com, Justin Suess <utilityemal77@gmail.com>,
andrii@kernel.org, viro@zeniv.linux.org.uk, brauner@kernel.org,
kees@kernel.org, gnoack@google.com, jack@suse.cz,
jmorris@namei.org, serge@hallyn.com, song@kernel.org,
yonghong.song@linux.dev, martin.lau@linux.dev, m@maowtm.org,
eddyz87@gmail.com, sdf@fomichev.me, skhan@linuxfoundation.org,
bpf@vger.kernel.org, linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
Frederick Lawler <fred@cloudflare.com>
Subject: Re: [RFC PATCH 06/20] bpf: lsm: Add Landlock kfuncs
Date: Wed, 1 Jul 2026 21:49:07 +0200 [thread overview]
Message-ID: <20260701.oTeikequi3ee@digikod.net> (raw)
In-Reply-To: <CAHC9VhRzZVUz8icZ2RD9OVvscJdZW3ivPERJLEkNi5poBeguxw@mail.gmail.com>
On Wed, Jul 01, 2026 at 02:38:08PM -0400, Paul Moore wrote:
> On Wed, Jul 1, 2026 at 2:34 PM Mickaël Salaün <mic@digikod.net> wrote:
> > On Wed, Jul 01, 2026 at 09:28:22AM -0400, Paul Moore wrote:
> > > On Wed, Jul 1, 2026 at 8:52 AM Justin Suess <utilityemal77@gmail.com> wrote:
> > > > On Wed, Jul 01, 2026 at 08:12:34AM -0400, Paul Moore wrote:
> > > > > On Wed, Jul 1, 2026 at 6:59 AM Mickaël Salaün <mic@digikod.net> wrote:
> > > > > > On Tue, Apr 07, 2026 at 04:01:28PM -0400, Justin Suess wrote:
> > > > > > > Create 2 kfuncs exposing control over Landlock functionality to BPF
> > > > > > > callers. Export an opaque struct bpf_landlock_ruleset preventing callers
> > > > > > > from accessing unstable internal Landlock fields.
> > > > >
> > > > > Generally speaking we don't want to provide APIs, either in-kernel or
> > > > > at the userspace/kernel boundary, that are specific to a single LSM,
> > > > > see the LSM syscalls or the security_current_getlsmprop_subj()
> > > > > function as examples.
> >
> > This patch series is not about the LSM framework, only about Landlock
> > and its specific model and use case. Landlock using some of the LSM API
> > is not relevant here.
>
> Based on a quick look the patchset enables BPF programs to call
> directly into Landlock. For the same reason we discourage other parts
> of the kernel to call directly into individual LSMs, we want to
> discourage BPF programs from calling directly into individual LSMs.
We're OK for a dedicated kfunc to call directly into Landlock (with a
tailored interface). Landlock is designed around its syscall interfaces
(well documented, tailored, tested), and this would be a new user of
almost the same UAPI.
next prev parent reply other threads:[~2026-07-01 19:49 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-07 20:01 [RFC PATCH 00/20] BPF interface for applying Landlock rulesets Justin Suess
2026-04-07 20:01 ` [RFC PATCH 01/20] landlock: Move operations from syscall into ruleset code Justin Suess
2026-04-07 20:01 ` [RFC PATCH 02/20] execve: Add set_nnp_on_point_of_no_return Justin Suess
2026-04-07 20:01 ` [RFC PATCH 03/20] landlock: Implement LANDLOCK_RESTRICT_SELF_NO_NEW_PRIVS Justin Suess
2026-04-07 20:01 ` [RFC PATCH 04/20] selftests/landlock: Cover LANDLOCK_RESTRICT_SELF_NO_NEW_PRIVS Justin Suess
2026-04-07 20:01 ` [RFC PATCH 05/20] landlock: Make ruleset deferred free RCU safe Justin Suess
2026-04-07 20:01 ` [RFC PATCH 06/20] bpf: lsm: Add Landlock kfuncs Justin Suess
2026-07-01 10:59 ` Mickaël Salaün
2026-07-01 12:12 ` Paul Moore
2026-07-01 12:52 ` Justin Suess
2026-07-01 13:28 ` Paul Moore
2026-07-01 18:29 ` Justin Suess
2026-07-01 18:33 ` Paul Moore
2026-07-01 18:34 ` Mickaël Salaün
2026-07-01 18:38 ` Paul Moore
2026-07-01 19:49 ` Mickaël Salaün [this message]
2026-07-01 19:55 ` Justin Suess
2026-07-01 20:02 ` Paul Moore
2026-07-01 21:28 ` Mickaël Salaün
2026-07-01 23:32 ` Paul Moore
2026-07-01 21:41 ` Casey Schaufler
2026-07-01 19:56 ` Paul Moore
2026-04-07 20:01 ` [RFC PATCH 07/20] bpf: arraymap: Implement Landlock ruleset map Justin Suess
2026-04-07 20:01 ` [RFC PATCH 08/20] bpf: Add Landlock ruleset map type Justin Suess
2026-04-16 21:12 ` Song Liu
2026-04-16 21:53 ` Justin Suess
2026-04-16 23:47 ` Song Liu
2026-04-17 14:09 ` Justin Suess
2026-04-17 15:18 ` Mickaël Salaün
2026-04-17 16:10 ` Song Liu
2026-04-17 18:01 ` Mickaël Salaün
2026-04-17 16:51 ` Justin Suess
2026-04-17 18:03 ` Mickaël Salaün
2026-04-17 20:33 ` Justin Suess
2026-04-17 20:42 ` Song Liu
2026-04-18 21:50 ` Justin Suess
2026-04-17 16:01 ` Song Liu
2026-04-07 20:01 ` [RFC PATCH 09/20] bpf: syscall: Handle Landlock ruleset maps Justin Suess
2026-04-07 20:01 ` [RFC PATCH 10/20] bpf: verifier: Add Landlock ruleset map support Justin Suess
2026-04-07 20:01 ` [RFC PATCH 11/20] selftests/bpf: Add Landlock kfunc declarations Justin Suess
2026-04-07 20:01 ` [RFC PATCH 12/20] selftests/landlock: Rename gettid wrapper for BPF reuse Justin Suess
2026-04-07 20:01 ` [RFC PATCH 13/20] selftests/bpf: Enable Landlock in selftests kernel Justin Suess
2026-04-07 20:01 ` [RFC PATCH 14/20] selftests/bpf: Add Landlock kfunc test program Justin Suess
2026-04-07 20:01 ` [RFC PATCH 15/20] selftests/bpf: Add Landlock kfunc test runner Justin Suess
2026-04-07 20:01 ` [RFC PATCH 16/20] landlock: Bump ABI version Justin Suess
2026-04-07 20:01 ` [RFC PATCH 17/20] tools: bpftool: Add documentation for landlock_ruleset Justin Suess
2026-04-07 20:01 ` [RFC PATCH 18/20] landlock: Document LANDLOCK_RESTRICT_SELF_NO_NEW_PRIVS Justin Suess
2026-04-07 20:01 ` [RFC PATCH 19/20] bpf: Document BPF_MAP_TYPE_LANDLOCK_RULESET Justin Suess
2026-04-07 20:01 ` [RFC PATCH 20/20] MAINTAINERS: update entry for the Landlock subsystem Justin Suess
2026-04-08 4:40 ` [RFC PATCH 00/20] BPF interface for applying Landlock rulesets Ihor Solodrai
2026-04-08 11:41 ` Justin Suess
2026-04-08 14:00 ` Mickaël Salaün
2026-04-08 17:10 ` Justin Suess
2026-04-08 19:21 ` Mickaël Salaün
2026-04-10 12:43 ` Justin Suess
2026-04-13 15:06 ` Justin Suess
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260701.oTeikequi3ee@digikod.net \
--to=mic@digikod.net \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=brauner@kernel.org \
--cc=daniel@iogearbox.net \
--cc=eddyz87@gmail.com \
--cc=fred@cloudflare.com \
--cc=gnoack@google.com \
--cc=jack@suse.cz \
--cc=jmorris@namei.org \
--cc=john.fastabend@gmail.com \
--cc=kees@kernel.org \
--cc=kpsingh@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=m@maowtm.org \
--cc=martin.lau@linux.dev \
--cc=paul@paul-moore.com \
--cc=sdf@fomichev.me \
--cc=serge@hallyn.com \
--cc=skhan@linuxfoundation.org \
--cc=song@kernel.org \
--cc=utilityemal77@gmail.com \
--cc=viro@zeniv.linux.org.uk \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox