Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf
From: Alexei Starovoitov <hidden>
Date: 2019-08-17 15:36:59
Also in:
bpf, linux-security-module, netdev
Possibly related (same subject, not in this thread)
- 2019-06-28 · Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf · Christian Brauner <christian@brauner.io>
- 2019-06-27 · Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf · Andy Lutomirski <luto@kernel.org>
On Sat, Aug 17, 2019 at 05:16:53PM +0200, Christian Brauner wrote:
On August 17, 2019 5:08:45 PM GMT+02:00, Alexei Starovoitov [off-list ref] wrote:quoted
On Sat, Aug 17, 2019 at 12:22:53AM +0200, Christian Brauner wrote:quoted
(The one usecase I'd care about is to extend seccomp to dopointer-basedquoted
syscall filtering. Whether or not that'd require (unprivileged) ebpfisquoted
up for discussion at KSummit.)Kees have been always against using ebpf in seccomp. I believe he still holds this opinion. Until he changes his mind let's stop bringing seccomp as a use case for unpriv bpf.That's why I said "whether or not". For the record, I do prefer a non-unpriv-ebpf way. It's still something that will most surely come up in the discussion though.
It's very un-kernely way to defer to in-person meetings. If there is anything to discuss please discuss it on the public mailing list.