Re: [PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI)

[PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI) · KP Singh <hidden> · 2019-12-20
[PATCH bpf-next v1 01/13] bpf: Refactor BPF_EVENT context macros to its own header. · KP Singh <hidden> · 2019-12-20
Re: [PATCH bpf-next v1 01/13] bpf: Refactor BPF_EVENT context macros to its own header. · Andrii Nakryiko <hidden> · 2019-12-20
Re: [PATCH bpf-next v1 01/13] bpf: Refactor BPF_EVENT context macros to its own header. · KP Singh <hidden> · 2019-12-20
[PATCH bpf-next v1 02/13] bpf: lsm: Add a skeleton and config options · KP Singh <hidden> · 2019-12-20
Re: [PATCH bpf-next v1 02/13] bpf: lsm: Add a skeleton and config options · James Morris <jmorris@namei.org> · 2020-01-07
[PATCH bpf-next v1 03/13] bpf: lsm: Introduce types for eBPF based LSM · KP Singh <hidden> · 2019-12-20
[PATCH bpf-next v1 04/13] bpf: lsm: Allow btf_id based attachment for LSM hooks · KP Singh <hidden> · 2019-12-20
Re: [PATCH bpf-next v1 04/13] bpf: lsm: Allow btf_id based attachment for LSM hooks · Andrii Nakryiko <hidden> · 2019-12-23
Re: [PATCH bpf-next v1 04/13] bpf: lsm: Allow btf_id based attachment for LSM hooks · KP Singh <hidden> · 2019-12-30
[PATCH bpf-next v1 10/13] bpf: lsm: Handle attachment of the same program · KP Singh <hidden> · 2019-12-20
Re: [PATCH bpf-next v1 10/13] bpf: lsm: Handle attachment of the same program · Andrii Nakryiko <hidden> · 2019-12-24
Re: [PATCH bpf-next v1 10/13] bpf: lsm: Handle attachment of the same program · James Morris <jmorris@namei.org> · 2020-01-08
[PATCH bpf-next v1 11/13] tools/libbpf: Add bpf_program__attach_lsm · KP Singh <hidden> · 2019-12-20
Re: [PATCH bpf-next v1 11/13] tools/libbpf: Add bpf_program__attach_lsm · Andrii Nakryiko <hidden> · 2019-12-24
Re: [PATCH bpf-next v1 11/13] tools/libbpf: Add bpf_program__attach_lsm · James Morris <jmorris@namei.org> · 2020-01-08
[PATCH bpf-next v1 13/13] bpf: lsm: Add Documentation · KP Singh <hidden> · 2019-12-20
[PATCH bpf-next v1 12/13] bpf: lsm: Add selftests for BPF_PROG_TYPE_LSM · KP Singh <hidden> · 2019-12-20
Re: [PATCH bpf-next v1 12/13] bpf: lsm: Add selftests for BPF_PROG_TYPE_LSM · Andrii Nakryiko <hidden> · 2019-12-24
Re: [PATCH bpf-next v1 12/13] bpf: lsm: Add selftests for BPF_PROG_TYPE_LSM · KP Singh <hidden> · 2020-01-04
Re: [PATCH bpf-next v1 12/13] bpf: lsm: Add selftests for BPF_PROG_TYPE_LSM · Andrii Nakryiko <hidden> · 2020-01-09
Re: [PATCH bpf-next v1 12/13] bpf: lsm: Add selftests for BPF_PROG_TYPE_LSM · James Morris <jmorris@namei.org> · 2020-01-08
[PATCH bpf-next v1 08/13] bpf: lsm: Show attached program names in hook read handler. · KP Singh <hidden> · 2019-12-20
Re: [PATCH bpf-next v1 08/13] bpf: lsm: Show attached program names in hook read handler. · James Morris <jmorris@namei.org> · 2020-01-07
[PATCH bpf-next v1 09/13] bpf: lsm: Add a helper function bpf_lsm_event_output · KP Singh <hidden> · 2019-12-20
Re: [PATCH bpf-next v1 09/13] bpf: lsm: Add a helper function bpf_lsm_event_output · Andrii Nakryiko <hidden> · 2019-12-24
Re: [PATCH bpf-next v1 09/13] bpf: lsm: Add a helper function bpf_lsm_event_output · KP Singh <hidden> · 2019-12-30
Re: [PATCH bpf-next v1 09/13] bpf: lsm: Add a helper function bpf_lsm_event_output · Andrii Nakryiko <hidden> · 2019-12-30
[PATCH bpf-next v1 07/13] bpf: lsm: Implement attach, detach and execution. · KP Singh <hidden> · 2019-12-20
Re: [PATCH bpf-next v1 07/13] bpf: lsm: Implement attach, detach and execution. · Andrii Nakryiko <hidden> · 2019-12-24
Re: [PATCH bpf-next v1 07/13] bpf: lsm: Implement attach, detach and execution. · James Morris <jmorris@namei.org> · 2020-01-07
[PATCH bpf-next v1 06/13] bpf: lsm: Init Hooks and create files in securityfs · KP Singh <hidden> · 2019-12-20
Re: [PATCH bpf-next v1 06/13] bpf: lsm: Init Hooks and create files in securityfs · Andrii Nakryiko <hidden> · 2019-12-24
Re: [PATCH bpf-next v1 06/13] bpf: lsm: Init Hooks and create files in securityfs · KP Singh <hidden> · 2019-12-30
Re: [PATCH bpf-next v1 06/13] bpf: lsm: Init Hooks and create files in securityfs · Andrii Nakryiko <hidden> · 2019-12-30
Re: [PATCH bpf-next v1 06/13] bpf: lsm: Init Hooks and create files in securityfs · Kees Cook <hidden> · 2019-12-30
Re: [PATCH bpf-next v1 06/13] bpf: lsm: Init Hooks and create files in securityfs · KP Singh <hidden> · 2020-01-03
Re: [PATCH bpf-next v1 06/13] bpf: lsm: Init Hooks and create files in securityfs · James Morris <jmorris@namei.org> · 2020-01-07
[PATCH bpf-next v1 05/13] tools/libbpf: Add support in libbpf for BPF_PROG_TYPE_LSM · KP Singh <hidden> · 2019-12-20
Re: [PATCH bpf-next v1 05/13] tools/libbpf: Add support in libbpf for BPF_PROG_TYPE_LSM · Andrii Nakryiko <hidden> · 2019-12-24
Re: [PATCH bpf-next v1 05/13] tools/libbpf: Add support in libbpf for BPF_PROG_TYPE_LSM · Andrii Nakryiko <hidden> · 2019-12-24
Re: [PATCH bpf-next v1 05/13] tools/libbpf: Add support in libbpf for BPF_PROG_TYPE_LSM · KP Singh <hidden> · 2020-01-03
Re: [PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI) · Casey Schaufler <casey@schaufler-ca.com> · 2019-12-20
Re: [PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI) · KP Singh <hidden> · 2019-12-20
Re: [PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI) · Kees Cook <hidden> · 2019-12-30
Re: [PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI) · Stephen Smalley <hidden> · 2020-01-08
Re: [PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI) · James Morris <jmorris@namei.org> · 2020-01-08
Re: [PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI) · Stephen Smalley <hidden> · 2020-01-08
Re: [PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI) · James Morris <jmorris@namei.org> · 2020-01-09
Re: [PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI) · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2020-01-09
Re: [PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI) · Stephen Smalley <hidden> · 2020-01-09
Re: [PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI) · James Morris <jmorris@namei.org> · 2020-01-09
Re: [PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI) · KP Singh <hidden> · 2020-01-09
Re: [PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI) · Stephen Smalley <hidden> · 2020-01-09
Re: [PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI) · KP Singh <hidden> · 2020-01-10
Re: [PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI) · James Morris <jmorris@namei.org> · 2020-01-10
Re: [PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI) · Alexei Starovoitov <hidden> · 2020-01-10
Re: [PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI) · Stephen Smalley <hidden> · 2020-01-14
Re: [PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI) · Stephen Smalley <hidden> · 2020-01-14
Re: [PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI) · Alexei Starovoitov <hidden> · 2020-01-15
Re: [PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI) · Stephen Smalley <hidden> · 2020-01-15
Re: [PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI) · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2020-01-15
Re: [PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI) · Alexei Starovoitov <hidden> · 2020-01-15
Re: [PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI) · KP Singh <hidden> · 2020-01-09
Re: [PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI) · James Morris <jmorris@namei.org> · 2020-01-08
Re: [PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI) · Mickaël Salaün <mic@digikod.net> · 2019-12-20
Re: [PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI) · Kees Cook <hidden> · 2019-12-30
Re: [PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI) · Mickaël Salaün <mic@digikod.net> · 2019-12-31
Re: [PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI) · Alexei Starovoitov <hidden> · 2019-12-22
Re: [PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI) · KP Singh <hidden> · 2019-12-30
Re: [PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI) · Andrii Nakryiko <hidden> · 2019-12-30
Re: [PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI) · Andrii Nakryiko <hidden> · 2019-12-24
Re: [PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI) · KP Singh <hidden> · 2019-12-30
Re: [PATCH bpf-next v1 00/13] MAC and Audit policy using eBPF (KRSI) · Andrii Nakryiko <hidden> · 2019-12-30

From: Andrii Nakryiko <hidden>
Date: 2019-12-24 06:52:01
Also in: bpf, lkml

On Fri, Dec 20, 2019 at 7:42 AM KP Singh [off-list ref] wrote:

From: KP Singh <redacted>

This patch series is a continuation of the KRSI RFC
(https://lore.kernel.org/bpf/20190910115527.5235-1-kpsingh@chromium.org/ (local))

[...]

# Usage Examples

A simple example and some documentation is included in the patchset.

In order to better illustrate the capabilities of the framework some
more advanced prototype code has also been published separately:

* Logging execution events (including environment variables and arguments):
https://github.com/sinkap/linux-krsi/blob/patch/v1/examples/samples/bpf/lsm_audit_env.c
* Detecting deletion of running executables:
https://github.com/sinkap/linux-krsi/blob/patch/v1/examples/samples/bpf/lsm_detect_exec_unlink.c
* Detection of writes to /proc/<pid>/mem:
https://github.com/sinkap/linux-krsi/blob/patch/v1/examples/samples/bpf/lsm_audit_env.c

Are you planning on submitting these examples for inclusion into
samples/bpf or selftests/bpf? It would be great to have more examples
and we can review and suggest nicer ways to go about writing them
(e.g., BPF skeleton and global data Alexei mentioned earlier).

We have updated Google's internal telemetry infrastructure and have
started deploying this LSM on our Linux Workstations. This gives us more
confidence in the real-world applications of such a system.

KP Singh (13):
  bpf: Refactor BPF_EVENT context macros to its own header.
  bpf: lsm: Add a skeleton and config options
  bpf: lsm: Introduce types for eBPF based LSM
  bpf: lsm: Allow btf_id based attachment for LSM hooks
  tools/libbpf: Add support in libbpf for BPF_PROG_TYPE_LSM
  bpf: lsm: Init Hooks and create files in securityfs
  bpf: lsm: Implement attach, detach and execution.
  bpf: lsm: Show attached program names in hook read handler.
  bpf: lsm: Add a helper function bpf_lsm_event_output
  bpf: lsm: Handle attachment of the same program
  tools/libbpf: Add bpf_program__attach_lsm
  bpf: lsm: Add selftests for BPF_PROG_TYPE_LSM
  bpf: lsm: Add Documentation

[...]

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help