[PATCH net-next v4 07/11] bpf: Use bpf_map_delete_elem() from the library

Replace bpf_map_delete() with bpf_map_delete_elem() calls. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/lib/bpf/bpf.c

Re: [PATCH net-next v1 7/7] bpf: Always test unprivileged programs

On 06/02/2017 17:09, Alexei Starovoitov wrote: > On 2/5/17 3:14 PM, Mickaël Salaün wrote: >> -if (unpriv && test->prog_type) >> -continue; >> +if (!test->prog_type) { >> +if (!unpriv) >> +set

Re: [PATCH net-next v1 4/7] tools: Sync {,tools/}include/uapi/linux/bpf.h

This patch only make sense in net-next, however. On 06/02/2017 00:14, Mickaël Salaün wrote: > The tools version of this header is out of date; update it to the latest > version from kernel header. > > Signed-off-by: Mickaël Salaün <m...@digikod.net> > Cc: Alexei Starovoit

Re: [PATCH net-next v1 6/7] bpf: Use the bpf_load_program() from the library

On 06/02/2017 16:30, Daniel Borkmann wrote: > On 02/06/2017 12:14 AM, Mickaël Salaün wrote: >> Replace bpf_prog_load() with bpf_load_program() calls. >> >> Use the tools include directory instead of the installed one to allow >> builds from other kernels. >> &g

[PATCH v2 3/5] samples/bpf: Ignore already processed ELF sections

Add a missing check for the map fixup loop. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Arnaldo Carvalho de Melo <a...@redhat.com> Cc: Daniel Borkmann <dan...@iogearbox.net> --- samples/bpf/bpf_load.c | 2 ++ 1 file change

[PATCH v2 2/5] bpf: Simplify bpf_load_program() error handling in the library

Do not call a second time bpf(2) when a program load failed. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Arnaldo Carvalho de Melo <a...@redhat.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Wang Nan <wangn...@huawei.co

[PATCH v2 5/5] samples/bpf: Add missing header

Include unistd.h to define __NR_getuid and __NR_getsid. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Arnaldo Carvalho de Melo <a...@redhat.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: David S. Miller <da...@dave

[PATCH v2 1/5] bpf: Add missing header to the library

Include stddef.h to define size_t. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Arnaldo Carvalho de Melo <a...@redhat.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Wang Nan <wangn...@huawei.com> --- tools/lib/bpf/

[PATCH v2 4/5] samples/bpf: Reset global variables

Before loading a new ELF, clean previous kernel version, license and processed sections. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Arnaldo Carvalho de Melo <a...@redhat.com> Cc: Daniel Borkmann <dan...@iogearbox.net>

[PATCH net-next v2 2/8] bpf: Use bpf_map_update_elem() from the library

Replace bpf_map_update() with bpf_map_update_elem() calls. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/lib/bpf/bpf.c

[PATCH net-next v2 3/8] bpf: Use bpf_map_lookup_elem() from the library

Replace bpf_map_lookup() with bpf_map_lookup_elem() calls. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/lib/bpf/bpf.c|

[PATCH net-next v2 1/8] bpf: Use bpf_load_program() from the library

Replace bpf_prog_load() with bpf_load_program() calls. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/lib/bpf/bpf.c | 9

[PATCH net-next v2 5/8] bpf: Use bpf_map_get_next_key() from the library

Replace bpf_map_next_key() with bpf_map_get_next_key() calls. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/lib/bpf/bpf.c

[PATCH net-next v2 2/3] bpf: Change the include directory for selftest

Use the tools include directory instead of the installed one to allow builds from other kernels. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Arnaldo Carvalho de Melo <a...@redhat.com> Cc: Daniel Borkmann <dan...@iogearbox.net>

[PATCH net-next v2 1/3] tools: Sync {,tools/}include/uapi/linux/bpf.h

2adcdb8 ("bpf: allow option for setting bpf_l4_csum_replace from scratch") Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Arnaldo Carvalho de Melo <a...@redhat.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: D

[PATCH net-next v2 3/3] bpf: Always test unprivileged programs

ity check. Handling capabilities requires the libcap dependency. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/testing/selftests/bpf/Makefile

Re: [PATCH net-next v1 6/7] bpf: Use the bpf_load_program() from the library

On 06/02/2017 20:18, Daniel Borkmann wrote: > On 02/06/2017 08:16 PM, Mickaël Salaün wrote: >> On 06/02/2017 16:30, Daniel Borkmann wrote: >>> On 02/06/2017 12:14 AM, Mickaël Salaün wrote: >>>> Replace bpf_prog_load() with bpf_load_program() calls. >>>

Re: [PATCH net-next v1 6/7] bpf: Use the bpf_load_program() from the library

On 06/02/2017 23:44, Daniel Borkmann wrote: > On 02/06/2017 10:30 PM, Mickaël Salaün wrote: >> On 06/02/2017 20:18, Daniel Borkmann wrote: >>> On 02/06/2017 08:16 PM, Mickaël Salaün wrote: >>>> On 06/02/2017 16:30, Daniel Borkmann wrote: >>>>>

[PATCH net-next v2 6/8] bpf: Use bpf_create_map() from the library

Replace bpf_map_create() with bpf_create_map() calls. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/testing/selftests/bpf/bpf_sys.h | 1

[PATCH net-next v2 8/8] bpf: Add test_tag to .gitignore

Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/testing/selftests/bpf/.gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/testing/

[PATCH net-next v2 4/8] bpf: Use bpf_map_delete_elem() from the library

Replace bpf_map_delete() with bpf_map_delete_elem() calls. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/lib/bpf/bpf.c|

[PATCH net-next v2 7/8] bpf: Remove bpf_sys.h from selftests

Add require dependency headers. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/lib/bpf/bpf.c | 6 ++ tools/testing

Re: [PATCH net-next v2 1/8] bpf: Use bpf_load_program() from the library

Right, it was a batch of miscellaneous patches at first but I split them in three series. I'm going to resend this patches in two v3 series (with cover letters): one for each tree (net-next and perf). Thanks, Mickaël On 07/02/2017 19:35, David Miller wrote: > > Please post your patch series(s)

[PATCH net-next v1 1/7] bpf: Add missing header to the library

Including stddef.h is needed to define size_t. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Arnaldo Carvalho de Melo <a...@redhat.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Wang Nan <wangn...@huawei.com> --- too

[PATCH net-next v1 7/7] bpf: Always test unprivileged programs

ity check. Handling capabilities require the libcap dependency. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/testing/selftests/bpf/Makefile

[PATCH net-next v1 5/7] bpf: Simplify bpf_load_program() error handling in the library

Do not call a second time bpf(2) when a program load failed. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Arnaldo Carvalho de Melo <a...@redhat.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Wang Nan <wangn...@huawei.co

[PATCH net-next v1 2/7] samples/bpf: Ignore already processed ELF sections

Add a missing check for the map fixup loop. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Arnaldo Carvalho de Melo <a...@redhat.com> Cc: Daniel Borkmann <dan...@iogearbox.net> --- samples/bpf/bpf_load.c | 2 ++ 1 file change

[PATCH net-next v1 6/7] bpf: Use the bpf_load_program() from the library

Replace bpf_prog_load() with bpf_load_program() calls. Use the tools include directory instead of the installed one to allow builds from other kernels. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net&

[PATCH net-next v1 4/7] tools: Sync {,tools/}include/uapi/linux/bpf.h

The tools version of this header is out of date; update it to the latest version from kernel header. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Arnaldo Carvalho de Melo <a...@redhat.com> Cc: Daniel Borkmann <dan...@iogearbox.net

[PATCH net-next v1 3/7] samples/bpf: Reset global variables

Before loading a new ELF, clean previous kernel version, license and processed sections. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Arnaldo Carvalho de Melo <a...@redhat.com> Cc: Daniel Borkmann <dan...@iogearbox.net>

[PATCH v5 08/10] seccomp: Enhance test_harness with an assert step mechanism

This is useful to return an information about the error without being able to write to TH_LOG_STREAM. Helpers from test_harness.h may be useful outside of the seccomp directory. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Andy Lutomirski <l...@amacapital.net> Cc: Arnaldo

[PATCH v5 05/10] seccomp: Split put_seccomp_filter() with put_seccomp()

The semantic is unchanged. This will be useful for the Landlock integration with seccomp (next commit). Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Kees Cook <keesc...@chromium.org> Cc: Andy Lutomirski <l...@amacapital.net> Cc: Will Drewry <w...@chromium.org> ---

[PATCH v5 03/10] bpf: Define handle_fs and add a new helper bpf_handle_fs_get_mode()

* add BPF protos * fix bpf_landlock_cmp_fs_prop_with_struct_file() Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@kernel.org> Cc: Andy Lutomirski <l...@amacapital.net> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: David S. Miller <da...@dave

[PATCH v5 04/10] landlock: Add LSM hooks related to filesystem

and struct path pointers: inode_permission and inode_getattr * add abstraction over eBPF helper arguments thanks to wrapping structs Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@kernel.org> Cc: Andy Lutomirski <l...@amacapital.net> Cc: Da

[PATCH v5 10/10] landlock: Add user and kernel documentation for Landlock

This documentation can be built with the Sphinx framework. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@kernel.org> Cc: Andy Lutomirski <l...@amacapital.net> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: David S. Miller <da...@dave

[PATCH v5 06/10] seccomp,landlock: Handle Landlock events per process hierarchy

Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@kernel.org> Cc: Andrew Morton <a...@linux-foundation.org> Cc: Andy Lutomirski <l...@amacapital.net> Cc: James Morris <james.l.mor...@oracle.com> Cc: Kees Cook <keesc...@chromium.org> C

[PATCH v5 09/10] bpf,landlock: Add tests for Landlock

Test basic context access and filesystem event with multiple cases. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@kernel.org> Cc: Andy Lutomirski <l...@amacapital.net> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: David S. Miller <da.

[PATCH v5 01/10] bpf: Add eBPF program subtype and is_valid_subtype() verifier

e the "access" field with "ability" (less confusing) Changes since v3: * remove the "origin" field * add an "option" field * cleanup comments Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@kernel.org> Cc: Arnaldo Carvalho

[PATCH v5 07/10] bpf: Add a Landlock sandbox example

* use BPF_PROG_ATTACH for cgroup handling Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@kernel.org> Cc: Andy Lutomirski <l...@amacapital.net> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: David S. Miller <da...@davemloft.net> Cc: James Morris

Re: [PATCH v5 10/10] landlock: Add user and kernel documentation for Landlock

On 22/02/2017 06:21, Andy Lutomirski wrote: > On Tue, Feb 21, 2017 at 5:26 PM, Mickaël Salaün <m...@digikod.net> wrote: >> This documentation can be built with the Sphinx framework. >> >> Signed-off-by: Mickaël Salaün <m...@digikod.net> >> Cc: Alexei St

[PATCH v5 00/10] Landlock LSM: Toward unprivileged sandboxing

kml.kernel.org/r/5828776a.1010...@digikod.net [3] https://lkml.kernel.org/r/1477390454-12553-1-git-send-email-dan...@zonque.org [4] https://lkml.kernel.org/r/20160829114542.GA20836@ircssh.c.rugged-nimbus-611.internal [5] https://lkml.kernel.org/r/20161221231506.19800-1-...@digikod.net Regards, Mickaël

[PATCH v5 02/10] bpf,landlock: Define an eBPF program type for Landlock

* revamp the landlock_context: * add arch, syscall_nr and syscall_cmd (ioctl, fcntl…) to be able to cross-check action with the event type * replace args array with dedicated fields to ease the addition of new fields Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Staro

Re: [PATCH v5 07/10] bpf: Add a Landlock sandbox example

On 22/02/2017 02:26, Mickaël Salaün wrote: > Add a basic sandbox tool to create a process isolated from some part of > the system. This sandbox create a read-only environment. It is only > allowed to write to a character device such as a TTY: > > # :> X > # echo $? >

[PATCH net-next v1] bpf: Rebuild bpf.o for any dependency update

This is needed to force a rebuild of bpf.o when one of its dependencies (e.g. uapi/linux/bpf.h) is updated. Add a phony target. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: D

[PATCH net-next v1] bpf: Remove redundant ifdef

Remove a useless ifdef __NR_bpf as requested by Wang Nan. Inline one-line static functions as it was in the bpf_sys.h file. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: David S. Miller &l

[PATCH net-next v5 08/11] bpf: Use bpf_map_get_next_key() from the library

Replace bpf_map_next_key() with bpf_map_get_next_key() calls. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/lib/bpf/bpf.c

[PATCH net-next v5 00/11] Improve BPF selftests and use the library (net-next tree)

* include one more stdint.h * rebase on net-next * add this cover letter Changes since v1: * exclude patches not intended for the net-next tree Regards, Mickaël Salaün (11): tools: Sync {,tools/}include/uapi/linux/bpf.h bpf: Change the include directory for selftest bpf: Always test un

[PATCH net-next v5 03/11] bpf: Always test unprivileged programs

ity check. Handling capabilities requires the libcap dependency. Signed-off-by: Mickaël Salaün <m...@digikod.net> Acked-by: Alexei Starovoitov <a...@kernel.org> Acked-by: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/testing/selftests/bpf/Make

[PATCH net-next v5 09/11] bpf: Use bpf_create_map() from the library

Replace bpf_map_create() with bpf_create_map() calls. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/testing/selftests/bpf/bpf_sys.h | 1

[PATCH net-next v5 10/11] bpf: Remove bpf_sys.h from selftests

Add require dependency headers. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/lib/bpf/bpf.c | 6 ++ tools/testing

[PATCH net-next v5 04/11] bpf: Use bpf_load_program() from the library

Replace bpf_prog_load() with bpf_load_program() calls. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/lib/bpf/bpf.c |

[PATCH net-next v5 05/11] bpf: Use bpf_map_update_elem() from the library

Replace bpf_map_update() with bpf_map_update_elem() calls. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/lib/bpf/bpf.c

[PATCH net-next v5 06/11] bpf: Use bpf_map_lookup_elem() from the library

Replace bpf_map_lookup() with bpf_map_lookup_elem() calls. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/lib/bpf/bpf.c

[PATCH net-next v5 11/11] bpf: Add test_tag to .gitignore

Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/testing/selftests/bpf/.gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/testing/

[PATCH net-next v5 01/11] tools: Sync {,tools/}include/uapi/linux/bpf.h

2adcdb8 ("bpf: allow option for setting bpf_l4_csum_replace from scratch") Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Arnaldo Carvalho de Melo <a...@redhat.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: D

[PATCH net-next v5 07/11] bpf: Use bpf_map_delete_elem() from the library

Replace bpf_map_delete() with bpf_map_delete_elem() calls. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> --- tools/lib/bpf/bpf.c

[PATCH net-next v5 02/11] bpf: Change the include directory for selftest

Use the tools include directory instead of the installed one to allow builds from other kernels. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Arnaldo Carvalho de Melo <a...@redhat.com> Cc: Daniel Borkmann <dan...@iogearbox.net>

[PATCH v1] samples/bpf: Add a .gitignore for binaries

Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Arnaldo Carvalho de Melo <a...@redhat.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Wang Nan <wangn...@huawei.com> --- samples/bpf/.gitignore | 32 ++

Re: Potential issues (security and otherwise) with the current cgroup-bpf API

On 19/01/2017 01:18, Andy Lutomirski wrote: >>> it explicitly respects the cgroup hierarchy. It shows up in >>> /proc/cgroups, and I had no problem mounting a cgroupfs instance with >>> perf_event enabled. So I'm not sure what you mean. >> >> That all it's doing is providing membership

Re: [PATCH v5 03/10] bpf: Define handle_fs and add a new helper bpf_handle_fs_get_mode()

On 01/03/2017 10:32, James Morris wrote: > On Wed, 22 Feb 2017, Mickaël Salaün wrote: > >> Add an eBPF function bpf_handle_fs_get_mode(handle_fs) to get the mode >> of a an abstract object wrapping either a file, a dentry, a path, or an >> inode. >> >&g

Re: [PATCH v5 06/10] seccomp,landlock: Handle Landlock events per process hierarchy

On 01/03/2017 23:20, Andy Lutomirski wrote: > On Wed, Mar 1, 2017 at 2:14 PM, Mickaël Salaün <m...@digikod.net> wrote: >> >> On 28/02/2017 21:01, Andy Lutomirski wrote: >>> On Tue, Feb 21, 2017 at 5:26 PM, Mickaël Salaün <m...@digikod.net> wrote: >>>

[RFC v2 05/10] seccomp: Handle Landlock

programs can be triggered by one or more seccomp filters. This way, each RET_LANDLOCK (with specific cookie) will trigger all the allowed Landlock programs once. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Kees Cook <keesc...@chromium.org> Cc: Andy Lutomirski <l...@ama

[RFC v2 04/10] seccomp: Split put_seccomp_filter() with put_seccomp()

The semantic is unchanged. This will be useful for the Landlock integration with seccomp (next commit). Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Kees Cook <keesc...@chromium.org> Cc: Andy Lutomirski <l...@amacapital.net> Cc: Will Drewry <w...@chromium.org> ---

[RFC v2 01/10] landlock: Add Kconfig

Initial Landlock Kconfig needed to split the Landlock eBPF and seccomp parts to ease the review. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: James Morris <james.l.mor...@oracle.com> Cc: Kees Cook <keesc...@chromium.org> Cc: Serge E. Hallyn <se...@hallyn.com&g

[RFC v2 03/10] bpf,landlock: Add a new arraymap type to deal with (Landlock) handles

are listed in enum bpf_map_array_type (e.g. BPF_MAP_ARRAY_TYPE_LANDLOCK_FS). For now, this new arraymap is only used by Landlock LSM (cf. next commits) but it could be useful for other needs. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@kernel.org> Cc: Dav

[RFC v2 06/10] landlock: Add LSM hooks

to an eBPF function according to their types (e.g. the bpf_landlock_cmp_fs_beneath_with_struct_file function can use a struct file pointer). For now, there is three hooks for file system access control: * file_open; * file_permission; * mmap_file. Signed-off-by: Mickaël Salaün <m...@digikod.net&

[RFC v2 08/10] landlock: Handle file system comparisons

. path or glob string). Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Kees Cook <keesc...@chromium.org> Cc: Alexei Starovoitov <a...@kernel.org> Cc: James Morris <james.l.mor...@oracle.com> Cc: Serge E. Hallyn <se...@hallyn.com> Cc: David S. Miller <da...@d

[RFC v2 10/10] samples/landlock: Add sandbox example

/0' \ ./sandbox /bin/sh -i $ ls /home user1 $ echo $$ > /sys/fs/cgroup/sandboxed/cgroup.procs $ ls /home ls: cannot open directory '/home': Permission denied Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Kees Cook <keesc...@chromium.org> Cc: Alexei Starovoitov &

[RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

tive comments on the usability, architecture, code and userland API of Landlock LSM. Regards, Mickaël Salaün (10): landlock: Add Kconfig bpf: Move u64_to_ptr() to BPF headers and inline it bpf,landlock: Add a new arraymap type to deal with (Landlock) handles seccomp: Split put_seccomp_filter() wit

[RFC v2 09/10] landlock: Handle cgroups

and manipulate cgroups thanks to cgroup delegation. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Kees Cook <keesc...@chromium.org> Cc: Alexei Starovoitov <a...@kernel.org> Cc: James Morris <james.l.mor...@oracle.com> Cc: Serge E. Hallyn <se...@hallyn.com> Cc: David S. M

[RFC v2 07/10] landlock: Add errno check

Add a max errno value. This is not strictly needed but should improve reliability. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Arnd Bergmann <a...@arndb.de> Cc: Serge E. Hallyn <se...@hallyn.com> Cc: James Morris <james.l.mor...@oracle.com> Cc: Kees Coo

[RFC v2 02/10] bpf: Move u64_to_ptr() to BPF headers and inline it

This helper will be useful for arraymap (next commit). Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@kernel.org> Cc: David S. Miller <da...@davemloft.net> Cc: Daniel Borkmann <dan...@iogearbox.net> --- include/linux/bpf.h | 6 ++

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

On 25/08/2016 13:05, Andy Lutomirski wrote: > On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün <m...@digikod.net> wrote: >> Hi, >> >> This series is a proof of concept to fill some missing part of seccomp as the >> ability to check syscall argument pointers

Re: [RFC v2 08/10] landlock: Handle file system comparisons

On 25/08/2016 13:12, Andy Lutomirski wrote: > On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün <m...@digikod.net> wrote: >> Add eBPF functions to compare file system access with a Landlock file >> system handle: >> * bpf_landlock_cmp_fs_prop_with_struct_f

Re: [RFC v2 09/10] landlock: Handle cgroups

On 25/08/2016 13:09, Andy Lutomirski wrote: > On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün <m...@digikod.net> wrote: >> Add an eBPF function bpf_landlock_cmp_cgroup_beneath(opt, map, map_op) >> to compare the current process cgroup with a cgroup handle, The handle >

Re: [PATCH v2 0/3] Fix seccomp for UM

/2016 02:35, James Morris wrote: > On Mon, 1 Aug 2016, Mickaël Salaün wrote: > >> Hi, >> >> This series fix the recent seccomp update for the User-mode Linux >> architecture >> (32-bit and 64-bit) since commit 26703c636c1f ("um/ptrace: run seccomp after >

Re: [RFC v2 00/10] Landlock LSM: Unprivileged sandboxing

On 30/08/2016 18:06, Andy Lutomirski wrote: > On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün <m...@digikod.net> wrote: >> Hi, >> >> This series is a proof of concept to fill some missing part of seccomp as the >> ability to check syscall argument pointers

Re: [RFC v2 09/10] landlock: Handle cgroups (performance)

On 30/08/2016 22:23, Andy Lutomirski wrote: > On Tue, Aug 30, 2016 at 1:20 PM, Mickaël Salaün <m...@digikod.net> wrote: >> >> On 30/08/2016 20:55, Andy Lutomirski wrote: >>> On Sun, Aug 28, 2016 at 2:42 AM, Mickaël Salaün <m...@digikod.net> wrote: >

Re: [RFC v2 06/10] landlock: Add LSM hooks

On 30/08/2016 22:18, Andy Lutomirski wrote: > On Tue, Aug 30, 2016 at 1:10 PM, Mickaël Salaün <m...@digikod.net> wrote: >> >> On 30/08/2016 20:56, Andy Lutomirski wrote: >>> On Aug 25, 2016 12:34 PM, "Mickaël Salaün" <m...@digikod.net> wrote: >>

Re: [RFC v2 06/10] landlock: Add LSM hooks

On 30/08/2016 20:56, Andy Lutomirski wrote: > On Aug 25, 2016 12:34 PM, "Mickaël Salaün" <m...@digikod.net> wrote: >> >> Add LSM hooks which can be used by userland through Landlock (eBPF) >> programs. This programs are limited to a whitelist of functions (

Re: [RFC v2 09/10] landlock: Handle cgroups (performance)

On 30/08/2016 20:55, Andy Lutomirski wrote: > On Sun, Aug 28, 2016 at 2:42 AM, Mickaël Salaün <m...@digikod.net> wrote: >> >> >> On 28/08/2016 10:13, Andy Lutomirski wrote: >>> On Aug 27, 2016 11:14 PM, "Mickaël Salaün" <m...@digikod.net&g

Re: [RFC v3 03/22] bpf,landlock: Add a new arraymap type to deal with (Landlock) handles

On 14/09/2016 20:51, Alexei Starovoitov wrote: > On Wed, Sep 14, 2016 at 09:23:56AM +0200, Mickaël Salaün wrote: >> This new arraymap looks like a set and brings new properties: >> * strong typing of entries: the eBPF functions get the array type of >> elements instead of

Re: [RFC v3 17/22] cgroup: Add access check for cgroup_get_from_fd()

On 14/09/2016 09:24, Mickaël Salaün wrote: > Add security access check for cgroup backed FD. The "cgroup.procs" file > of the corresponding cgroup must be readable to identify the cgroup, and > writable to prove that the current process can manage this cgroup (e.g. &

Re: [RFC v3 18/22] cgroup,landlock: Add CGRP_NO_NEW_PRIVS to handle unprivileged hooks

On 14/09/2016 20:27, Andy Lutomirski wrote: > On Wed, Sep 14, 2016 at 12:24 AM, Mickaël Salaün <m...@digikod.net> wrote: >> Add a new flag CGRP_NO_NEW_PRIVS for each cgroup. This flag is initially >> set for all cgroup except the root. The flag is clear when a n

Re: [RFC v3 19/22] landlock: Add interrupted origin

On 14/09/2016 20:29, Andy Lutomirski wrote: > On Wed, Sep 14, 2016 at 12:24 AM, Mickaël Salaün <m...@digikod.net> wrote: >> This third origin of hook call should cover all possible trigger paths >> (e.g. page fault). Landlock eBPF programs can then take decisions >> ac

[RFC v3 16/22] bpf/cgroup,landlock: Handle Landlock hooks per cgroup

hooks attached to a cgroup in more complicated ways (e.g. continuous inheritance), but care should be taken to properly handle error cases (e.g. memory allocation errors). Changes since v2: * new design based on BPF_PROG_ATTACH (suggested by Alexei Starovoitov) Signed-off-by: Mickaël Salaün &l

[RFC v3 17/22] cgroup: Add access check for cgroup_get_from_fd()

check done by cgroup_procs_write_permission(). Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@kernel.org> Cc: Andy Lutomirski <l...@amacapital.net> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Daniel Mack <dan...@zonque.org> Cc: David S. Miller <da...@davemlof

[RFC v3 18/22] cgroup,landlock: Add CGRP_NO_NEW_PRIVS to handle unprivileged hooks

a process without no_new_privs to this cgroup will be denied. This allows to safely manage Landlock rules with cgroup delegation as with seccomp. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@kernel.org> Cc: Andy Lutomirski <l...@amacapital.net> Cc: Da

[RFC v3 22/22] samples/landlock: Add sandbox example

/dev/null +++ b/samples/landlock/sandbox.c @@ -0,0 +1,307 @@ +/* + * Landlock LSM - Sandbox example + * + * Copyright (C) 2016 Mickaël Salaün <m...@digikod.net> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public

[RFC v3 20/22] landlock: Add update and debug access flags

* bpf_get_prandom_u32 * bpf_get_current_pid_tgid * bpf_get_current_uid_gid * bpf_get_current_comm Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@kernel.org> Cc: Andy Lutomirski <l...@amacapital.net> Cc: Daniel Borkmann <dan...@iogearbox.net>

[RFC v3 09/22] seccomp: Move struct seccomp_filter in seccomp.h

Set struct seccomp_filter public because of the next use of the new field thread_prev added for Landlock LSM. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Kees Cook <keesc...@chromium.org> Cc: Andy Lutomirski <l...@amacapital.net> Cc: Will Drewry <w...@chromium.or

[RFC v3 04/22] bpf: Set register type according to is_valid_access()

unprivileged eBPF programs to use functions with (legitimate) pointer arguments. This bug was not a problem until now because the only unprivileged eBPF program allowed is of type BPF_PROG_TYPE_SOCKET_FILTER and all the types from its context are UNKNOWN_VALUE. Signed-off-by: Mickaël Salaün <m...@digikod.

[RFC v3 08/22] seccomp: Fix documentation for struct seccomp_filter

Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Kees Cook <keesc...@chromium.org> Cc: Andy Lutomirski <l...@amacapital.net> Cc: Will Drewry <w...@chromium.org> --- kernel/seccomp.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/kernel/seccomp.c

[RFC v3 14/22] bpf/cgroup: Make cgroup_bpf_update() return an error code

This will be useful to support Landlock for the next commits. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@kernel.org> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Daniel Mack <dan...@zonque.org> Cc: David S. Miller <da...@dave

[RFC v3 05/22] bpf,landlock: Add eBPF program subtype and is_valid_subtype() verifier

if the (optional) program subtype is valid. For now, only Landlock eBPF programs are using a program subtype but this could be used by other program types in the future. Cf. the next commit to see how the subtype is used by Landlock LSM. Signed-off-by: Mickaël Salaün <m...@digikod.net> Link:

[RFC v3 19/22] landlock: Add interrupted origin

This third origin of hook call should cover all possible trigger paths (e.g. page fault). Landlock eBPF programs can then take decisions accordingly. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@kernel.org> Cc: Andy Lutomirski <l...@amacapital.

[RFC v3 02/22] bpf: Move u64_to_ptr() to BPF headers and inline it

This helper will be useful for arraymap (next commit). Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@kernel.org> Cc: David S. Miller <da...@davemloft.net> Cc: Daniel Borkmann <dan...@iogearbox.net> --- include/linux/bpf.h | 6 ++

[RFC v3 06/22] landlock: Add LSM hooks

ed by Daniel Borkmann) * new BPF context Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@kernel.org> Cc: Andy Lutomirski <l...@amacapital.net> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: David S. Miller <da...@davemloft.net> Cc: James Morri

[RFC v3 10/22] seccomp: Split put_seccomp_filter() with put_seccomp()

The semantic is unchanged. This will be useful for the Landlock integration with seccomp (next commit). Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Kees Cook <keesc...@chromium.org> Cc: Andy Lutomirski <l...@amacapital.net> Cc: Will Drewry <w...@chromium.org> ---

[RFC v3 01/22] landlock: Add Kconfig

Initial Landlock Kconfig needed to split the Landlock eBPF and seccomp parts to ease the review. Changes from v2: * add seccomp filter or cgroups (with eBPF programs attached support) dependencies Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: James Morris <james.l.mor...@oracl

<    1   2   3   4   5   6   7   8   9   10   >