Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf
From: Christian Brauner <hidden>
Date: 2019-08-17 15:42:13
Also in:
bpf, linux-security-module, netdev
Possibly related (same subject, not in this thread)
- 2019-06-28 · Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf · Christian Brauner <christian@brauner.io>
- 2019-06-27 · Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf · Andy Lutomirski <luto@kernel.org>
On August 17, 2019 5:36:54 PM GMT+02:00, Alexei Starovoitov [off-list ref] wrote:
On Sat, Aug 17, 2019 at 05:16:53PM +0200, Christian Brauner wrote:quoted
On August 17, 2019 5:08:45 PM GMT+02:00, Alexei Starovoitov[off-list ref] wrote:quoted
quoted
On Sat, Aug 17, 2019 at 12:22:53AM +0200, Christian Brauner wrote:quoted
(The one usecase I'd care about is to extend seccomp to dopointer-basedquoted
syscall filtering. Whether or not that'd require (unprivileged)ebpfquoted
quoted
isquoted
up for discussion at KSummit.)Kees have been always against using ebpf in seccomp. I believe hestillquoted
quoted
holds this opinion. Until he changes his mind let's stop bringing seccomp as a use case for unpriv bpf.That's why I said "whether or not". For the record, I do prefer a non-unpriv-ebpf way. It's still something that will most surely come up in the discussionthough. It's very un-kernely way to defer to in-person meetings. If there is anything to discuss please discuss it on the public mailing list.
https://lists.linuxfoundation.org/pipermail/ksummit-discuss/2019-July/006699.html