Re: [PATCH v14 bpf-next 1/6] bpf: Add kfunc bpf_get_file_xattr

[PATCH v14 bpf-next 0/6] bpf: File verification with LSM and fsverity · Song Liu <song@kernel.org> · 2023-11-29
[PATCH v14 bpf-next 1/6] bpf: Add kfunc bpf_get_file_xattr · Song Liu <song@kernel.org> · 2023-11-29
Re: [PATCH v14 bpf-next 1/6] bpf: Add kfunc bpf_get_file_xattr · KP Singh <kpsingh@kernel.org> · 2023-11-29
[PATCH v14 bpf-next 2/6] bpf, fsverity: Add kfunc bpf_get_fsverity_digest · Song Liu <song@kernel.org> · 2023-11-29
[PATCH v14 bpf-next 3/6] Documentation/bpf: Add documentation for filesystem kfuncs · Song Liu <song@kernel.org> · 2023-11-29
[PATCH v14 bpf-next 4/6] selftests/bpf: Sort config in alphabetic order · Song Liu <song@kernel.org> · 2023-11-29
[PATCH v14 bpf-next 5/6] selftests/bpf: Add tests for filesystem kfuncs · Song Liu <song@kernel.org> · 2023-11-29
[PATCH v14 bpf-next 6/6] selftests/bpf: Add test that uses fsverity and xattr to sign a file · Song Liu <song@kernel.org> · 2023-11-29
Re: [PATCH v14 bpf-next 6/6] selftests/bpf: Add test that uses fsverity and xattr to sign a file · Alexei Starovoitov <hidden> · 2023-11-29
Re: [PATCH v14 bpf-next 6/6] selftests/bpf: Add test that uses fsverity and xattr to sign a file · Song Liu <song@kernel.org> · 2023-11-29
Re: [PATCH v14 bpf-next 6/6] selftests/bpf: Add test that uses fsverity and xattr to sign a file · Alexei Starovoitov <hidden> · 2023-11-29
Re: [PATCH v14 bpf-next 6/6] selftests/bpf: Add test that uses fsverity and xattr to sign a file · Song Liu <song@kernel.org> · 2023-11-29
Re: [PATCH v14 bpf-next 6/6] selftests/bpf: Add test that uses fsverity and xattr to sign a file · Song Liu <song@kernel.org> · 2023-11-29
Re: [PATCH v14 bpf-next 6/6] selftests/bpf: Add test that uses fsverity and xattr to sign a file · kernel test robot <hidden> · 2023-11-30

From: KP Singh <kpsingh@kernel.org>
Date: 2023-11-29 16:06:23
Also in: bpf, linux-fsdevel

On Wed, Nov 29, 2023 at 1:37 AM Song Liu [off-list ref] wrote:

It is common practice for security solutions to store tags/labels in
xattrs. To implement similar functionalities in BPF LSM, add new kfunc
bpf_get_file_xattr().

The first use case of bpf_get_file_xattr() is to implement file
verifications with asymmetric keys. Specificially, security applications
could use fsverity for file hashes and use xattr to store file signatures.
(kfunc for fsverity hash will be added in a separate commit.)

Currently, only xattrs with "user." prefix can be read with kfunc
bpf_get_file_xattr(). As use cases evolve, we may add a dedicated prefix
for bpf_get_file_xattr().

To avoid recursion, bpf_get_file_xattr can be only called from LSM hooks.

Signed-off-by: Song Liu <song@kernel.org>
Acked-by: Christian Brauner <brauner@kernel.org>

Acked-by: KP Singh <kpsingh@kernel.org>

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help