Re: [PATCH net-next v6 1/5] bpf: Add file mode configuration into bpf maps

[PATCH net-next v6 0/5] bpf: security: New file mode and LSM hooks for eBPF object permission control · Chenbo Feng <hidden> · 2017-10-16
[PATCH net-next v6 2/5] bpf: Add tests for eBPF file mode · Chenbo Feng <hidden> · 2017-10-16
Re: [PATCH net-next v6 2/5] bpf: Add tests for eBPF file mode · Daniel Borkmann <daniel@iogearbox.net> · 2017-10-16
[PATCH net-next v6 3/5] security: bpf: Add LSM hooks for bpf object related syscall · Chenbo Feng <hidden> · 2017-10-16
[PATCH net-next v6 1/5] bpf: Add file mode configuration into bpf maps · Chenbo Feng <hidden> · 2017-10-16
Re: [PATCH net-next v6 1/5] bpf: Add file mode configuration into bpf maps · Daniel Borkmann <daniel@iogearbox.net> · 2017-10-16
Re: [PATCH net-next v6 1/5] bpf: Add file mode configuration into bpf maps · Daniel Borkmann <daniel@iogearbox.net> · 2017-10-18
[PATCH net-next v6 4/5] selinux: bpf: Add selinux check for eBPF syscall operations · Chenbo Feng <hidden> · 2017-10-16
[PATCH net-next v6 5/5] selinux: bpf: Add addtional check for bpf object file receive · Chenbo Feng <hidden> · 2017-10-16
Re: [PATCH net-next v6 0/5] bpf: security: New file mode and LSM hooks for eBPF object permission control · David Miller <davem@davemloft.net> · 2017-10-18
Re: [PATCH net-next v6 0/5] bpf: security: New file mode and LSM hooks for eBPF object permission control · David Miller <davem@davemloft.net> · 2017-10-18
Re: [PATCH net-next v6 0/5] bpf: security: New file mode and LSM hooks for eBPF object permission control · James Morris <hidden> · 2017-10-19
Re: [PATCH net-next v6 0/5] bpf: security: New file mode and LSM hooks for eBPF object permission control · Daniel Borkmann <daniel@iogearbox.net> · 2017-10-19
Re: [PATCH net-next v6 0/5] bpf: security: New file mode and LSM hooks for eBPF object permission control · David Miller <davem@davemloft.net> · 2017-10-19

From: Daniel Borkmann <daniel@iogearbox.net>
Date: 2017-10-16 22:59:21
Also in: linux-security-module, selinux

On 10/16/2017 09:11 PM, Chenbo Feng wrote:

From: Chenbo Feng <redacted>

Introduce the map read/write flags to the eBPF syscalls that returns the
map fd. The flags is used to set up the file mode when construct a new
file descriptor for bpf maps. To not break the backward capability, the
f_flags is set to O_RDWR if the flag passed by syscall is 0. Otherwise
it should be O_RDONLY or O_WRONLY. When the userspace want to modify or
read the map content, it will check the file mode to see if it is
allowed to make the change.

Signed-off-by: Chenbo Feng <redacted>
Acked-by: Alexei Starovoitov <ast@kernel.org>

Acked-by: Daniel Borkmann <daniel@iogearbox.net>

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help