Re: [PATCH net-next 2/4] security: bpf: Add LSM hooks for bpf object related syscall

[PATCH 0/4] net-next: security: New file mode and LSM hooks for eBPF object permission control · Chenbo Feng <hidden> · 2017-10-04
[PATCH net-next 1/4] bpf: Add file mode configuration into bpf maps · Chenbo Feng <hidden> · 2017-10-04
Re: [PATCH net-next 1/4] bpf: Add file mode configuration into bpf maps · Daniel Borkmann <daniel@iogearbox.net> · 2017-10-04
Re: [PATCH net-next 1/4] bpf: Add file mode configuration into bpf maps · Chenbo Feng <hidden> · 2017-10-04
Re: [PATCH net-next 1/4] bpf: Add file mode configuration into bpf maps · Daniel Borkmann <daniel@iogearbox.net> · 2017-10-05
[PATCH net-next 2/4] security: bpf: Add LSM hooks for bpf object related syscall · Chenbo Feng <hidden> · 2017-10-04
Re: [PATCH net-next 2/4] security: bpf: Add LSM hooks for bpf object related syscall · James Morris <hidden> · 2017-10-12
[PATCH net-next 3/4] selinux: bpf: Add selinux check for eBPF syscall operations · Chenbo Feng <hidden> · 2017-10-04
Re: [PATCH net-next 3/4] selinux: bpf: Add selinux check for eBPF syscall operations · Stephen Smalley <hidden> · 2017-10-05
Re: [PATCH net-next 3/4] selinux: bpf: Add selinux check for eBPF syscall operations · Daniel Borkmann <daniel@iogearbox.net> · 2017-10-05
[PATCH net-next 4/4] selinux: bpf: Add addtional check for bpf object file receive · Chenbo Feng <hidden> · 2017-10-04
Re: [PATCH net-next 4/4] selinux: bpf: Add addtional check for bpf object file receive · Daniel Borkmann <daniel@iogearbox.net> · 2017-10-04
Re: [PATCH net-next 4/4] selinux: bpf: Add addtional check for bpf object file receive · Daniel Borkmann <daniel@iogearbox.net> · 2017-10-04
Re: [PATCH net-next 4/4] selinux: bpf: Add addtional check for bpf object file receive · Stephen Smalley <hidden> · 2017-10-05
Re: [PATCH net-next 4/4] selinux: bpf: Add addtional check for bpf object file receive · Stephen Smalley <hidden> · 2017-10-05
Re: [PATCH net-next 4/4] selinux: bpf: Add addtional check for bpf object file receive · Chenbo Feng <hidden> · 2017-10-06
Re: [PATCH net-next 4/4] selinux: bpf: Add addtional check for bpf object file receive · Chenbo Feng <hidden> · 2017-10-06

From: James Morris <hidden>
Date: 2017-10-12 00:31:34
Also in: linux-security-module, selinux

On Wed, 4 Oct 2017, Chenbo Feng wrote:

 int bpf_map_new_fd(struct bpf_map *map, int flags)
 {
+	if (security_bpf_map(map, OPEN_FMODE(flags)))
+		return -EPERM;
+

Don't hardcode -EPERM here, return the actual error from 
security_bpf_map().

+	if (security_bpf_prog(prog))
+		return -EPERM;
+

Same.

+	err = security_bpf(cmd, &attr, size);
+	if (err)
+		return -EPERM;

Same.


- James

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help