Replace bpf_map_delete() with bpf_map_delete_elem() calls.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/lib/bpf/bpf.c
On 06/02/2017 17:09, Alexei Starovoitov wrote:
> On 2/5/17 3:14 PM, Mickaël Salaün wrote:
>> -if (unpriv && test->prog_type)
>> -continue;
>> +if (!test->prog_type) {
>> +if (!unpriv)
>> +set
This patch only make sense in net-next, however.
On 06/02/2017 00:14, Mickaël Salaün wrote:
> The tools version of this header is out of date; update it to the latest
> version from kernel header.
>
> Signed-off-by: Mickaël Salaün <m...@digikod.net>
> Cc: Alexei Starovoit
On 06/02/2017 16:30, Daniel Borkmann wrote:
> On 02/06/2017 12:14 AM, Mickaël Salaün wrote:
>> Replace bpf_prog_load() with bpf_load_program() calls.
>>
>> Use the tools include directory instead of the installed one to allow
>> builds from other kernels.
>>
&g
Add a missing check for the map fixup loop.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Arnaldo Carvalho de Melo <a...@redhat.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
---
samples/bpf/bpf_load.c | 2 ++
1 file change
Do not call a second time bpf(2) when a program load failed.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Arnaldo Carvalho de Melo <a...@redhat.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Wang Nan <wangn...@huawei.co
Include unistd.h to define __NR_getuid and __NR_getsid.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Arnaldo Carvalho de Melo <a...@redhat.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: David S. Miller <da...@dave
Include stddef.h to define size_t.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Arnaldo Carvalho de Melo <a...@redhat.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Wang Nan <wangn...@huawei.com>
---
tools/lib/bpf/
Before loading a new ELF, clean previous kernel version, license and
processed sections.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Arnaldo Carvalho de Melo <a...@redhat.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Replace bpf_map_update() with bpf_map_update_elem() calls.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/lib/bpf/bpf.c
Replace bpf_map_lookup() with bpf_map_lookup_elem() calls.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/lib/bpf/bpf.c|
Replace bpf_prog_load() with bpf_load_program() calls.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/lib/bpf/bpf.c | 9
Replace bpf_map_next_key() with bpf_map_get_next_key() calls.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/lib/bpf/bpf.c
Use the tools include directory instead of the installed one to allow
builds from other kernels.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Arnaldo Carvalho de Melo <a...@redhat.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
2adcdb8 ("bpf: allow option for setting bpf_l4_csum_replace from
scratch")
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Arnaldo Carvalho de Melo <a...@redhat.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: D
ity check.
Handling capabilities requires the libcap dependency.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/testing/selftests/bpf/Makefile
On 06/02/2017 20:18, Daniel Borkmann wrote:
> On 02/06/2017 08:16 PM, Mickaël Salaün wrote:
>> On 06/02/2017 16:30, Daniel Borkmann wrote:
>>> On 02/06/2017 12:14 AM, Mickaël Salaün wrote:
>>>> Replace bpf_prog_load() with bpf_load_program() calls.
>>>
On 06/02/2017 23:44, Daniel Borkmann wrote:
> On 02/06/2017 10:30 PM, Mickaël Salaün wrote:
>> On 06/02/2017 20:18, Daniel Borkmann wrote:
>>> On 02/06/2017 08:16 PM, Mickaël Salaün wrote:
>>>> On 06/02/2017 16:30, Daniel Borkmann wrote:
>>>>>
Replace bpf_map_create() with bpf_create_map() calls.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/testing/selftests/bpf/bpf_sys.h | 1
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/testing/selftests/bpf/.gitignore | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/testing/
Replace bpf_map_delete() with bpf_map_delete_elem() calls.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/lib/bpf/bpf.c|
Add require dependency headers.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/lib/bpf/bpf.c | 6 ++
tools/testing
Right, it was a batch of miscellaneous patches at first but I split them
in three series. I'm going to resend this patches in two v3 series (with
cover letters): one for each tree (net-next and perf).
Thanks,
Mickaël
On 07/02/2017 19:35, David Miller wrote:
>
> Please post your patch series(s)
Including stddef.h is needed to define size_t.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Arnaldo Carvalho de Melo <a...@redhat.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Wang Nan <wangn...@huawei.com>
---
too
ity check.
Handling capabilities require the libcap dependency.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/testing/selftests/bpf/Makefile
Do not call a second time bpf(2) when a program load failed.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Arnaldo Carvalho de Melo <a...@redhat.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Wang Nan <wangn...@huawei.co
Add a missing check for the map fixup loop.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Arnaldo Carvalho de Melo <a...@redhat.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
---
samples/bpf/bpf_load.c | 2 ++
1 file change
Replace bpf_prog_load() with bpf_load_program() calls.
Use the tools include directory instead of the installed one to allow
builds from other kernels.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net&
The tools version of this header is out of date; update it to the latest
version from kernel header.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Arnaldo Carvalho de Melo <a...@redhat.com>
Cc: Daniel Borkmann <dan...@iogearbox.net
Before loading a new ELF, clean previous kernel version, license and
processed sections.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Arnaldo Carvalho de Melo <a...@redhat.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
This is useful to return an information about the error without being
able to write to TH_LOG_STREAM.
Helpers from test_harness.h may be useful outside of the seccomp
directory.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Andy Lutomirski <l...@amacapital.net>
Cc: Arnaldo
The semantic is unchanged. This will be useful for the Landlock
integration with seccomp (next commit).
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Kees Cook <keesc...@chromium.org>
Cc: Andy Lutomirski <l...@amacapital.net>
Cc: Will Drewry <w...@chromium.org>
---
* add BPF protos
* fix bpf_landlock_cmp_fs_prop_with_struct_file()
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@kernel.org>
Cc: Andy Lutomirski <l...@amacapital.net>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: David S. Miller <da...@dave
and struct path pointers:
inode_permission and inode_getattr
* add abstraction over eBPF helper arguments thanks to wrapping structs
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@kernel.org>
Cc: Andy Lutomirski <l...@amacapital.net>
Cc: Da
This documentation can be built with the Sphinx framework.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@kernel.org>
Cc: Andy Lutomirski <l...@amacapital.net>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: David S. Miller <da...@dave
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@kernel.org>
Cc: Andrew Morton <a...@linux-foundation.org>
Cc: Andy Lutomirski <l...@amacapital.net>
Cc: James Morris <james.l.mor...@oracle.com>
Cc: Kees Cook <keesc...@chromium.org>
C
Test basic context access and filesystem event with multiple cases.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@kernel.org>
Cc: Andy Lutomirski <l...@amacapital.net>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: David S. Miller <da.
e the "access" field with "ability" (less confusing)
Changes since v3:
* remove the "origin" field
* add an "option" field
* cleanup comments
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@kernel.org>
Cc: Arnaldo Carvalho
* use BPF_PROG_ATTACH for cgroup handling
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@kernel.org>
Cc: Andy Lutomirski <l...@amacapital.net>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: David S. Miller <da...@davemloft.net>
Cc: James Morris
On 22/02/2017 06:21, Andy Lutomirski wrote:
> On Tue, Feb 21, 2017 at 5:26 PM, Mickaël Salaün <m...@digikod.net> wrote:
>> This documentation can be built with the Sphinx framework.
>>
>> Signed-off-by: Mickaël Salaün <m...@digikod.net>
>> Cc: Alexei St
kml.kernel.org/r/5828776a.1010...@digikod.net
[3]
https://lkml.kernel.org/r/1477390454-12553-1-git-send-email-dan...@zonque.org
[4]
https://lkml.kernel.org/r/20160829114542.GA20836@ircssh.c.rugged-nimbus-611.internal
[5] https://lkml.kernel.org/r/20161221231506.19800-1-...@digikod.net
Regards,
Mickaël
* revamp the landlock_context:
* add arch, syscall_nr and syscall_cmd (ioctl, fcntl…) to be able to
cross-check action with the event type
* replace args array with dedicated fields to ease the addition of new
fields
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Staro
On 22/02/2017 02:26, Mickaël Salaün wrote:
> Add a basic sandbox tool to create a process isolated from some part of
> the system. This sandbox create a read-only environment. It is only
> allowed to write to a character device such as a TTY:
>
> # :> X
> # echo $?
>
This is needed to force a rebuild of bpf.o when one of its dependencies
(e.g. uapi/linux/bpf.h) is updated.
Add a phony target.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: D
Remove a useless ifdef __NR_bpf as requested by Wang Nan.
Inline one-line static functions as it was in the bpf_sys.h file.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: David S. Miller &l
Replace bpf_map_next_key() with bpf_map_get_next_key() calls.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/lib/bpf/bpf.c
* include one more stdint.h
* rebase on net-next
* add this cover letter
Changes since v1:
* exclude patches not intended for the net-next tree
Regards,
Mickaël Salaün (11):
tools: Sync {,tools/}include/uapi/linux/bpf.h
bpf: Change the include directory for selftest
bpf: Always test un
ity check.
Handling capabilities requires the libcap dependency.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Acked-by: Alexei Starovoitov <a...@kernel.org>
Acked-by: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/testing/selftests/bpf/Make
Replace bpf_map_create() with bpf_create_map() calls.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/testing/selftests/bpf/bpf_sys.h | 1
Add require dependency headers.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/lib/bpf/bpf.c | 6 ++
tools/testing
Replace bpf_prog_load() with bpf_load_program() calls.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/lib/bpf/bpf.c |
Replace bpf_map_update() with bpf_map_update_elem() calls.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/lib/bpf/bpf.c
Replace bpf_map_lookup() with bpf_map_lookup_elem() calls.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/lib/bpf/bpf.c
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/testing/selftests/bpf/.gitignore | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/testing/
2adcdb8 ("bpf: allow option for setting bpf_l4_csum_replace from
scratch")
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Arnaldo Carvalho de Melo <a...@redhat.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: D
Replace bpf_map_delete() with bpf_map_delete_elem() calls.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Shuah Khan <sh...@kernel.org>
---
tools/lib/bpf/bpf.c
Use the tools include directory instead of the installed one to allow
builds from other kernels.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Arnaldo Carvalho de Melo <a...@redhat.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@fb.com>
Cc: Arnaldo Carvalho de Melo <a...@redhat.com>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Wang Nan <wangn...@huawei.com>
---
samples/bpf/.gitignore | 32 ++
On 19/01/2017 01:18, Andy Lutomirski wrote:
>>> it explicitly respects the cgroup hierarchy. It shows up in
>>> /proc/cgroups, and I had no problem mounting a cgroupfs instance with
>>> perf_event enabled. So I'm not sure what you mean.
>>
>> That all it's doing is providing membership
On 01/03/2017 10:32, James Morris wrote:
> On Wed, 22 Feb 2017, Mickaël Salaün wrote:
>
>> Add an eBPF function bpf_handle_fs_get_mode(handle_fs) to get the mode
>> of a an abstract object wrapping either a file, a dentry, a path, or an
>> inode.
>>
>&g
On 01/03/2017 23:20, Andy Lutomirski wrote:
> On Wed, Mar 1, 2017 at 2:14 PM, Mickaël Salaün <m...@digikod.net> wrote:
>>
>> On 28/02/2017 21:01, Andy Lutomirski wrote:
>>> On Tue, Feb 21, 2017 at 5:26 PM, Mickaël Salaün <m...@digikod.net> wrote:
>>>
programs can be triggered by
one or more seccomp filters. This way, each RET_LANDLOCK (with specific
cookie) will trigger all the allowed Landlock programs once.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Kees Cook <keesc...@chromium.org>
Cc: Andy Lutomirski <l...@ama
The semantic is unchanged. This will be useful for the Landlock
integration with seccomp (next commit).
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Kees Cook <keesc...@chromium.org>
Cc: Andy Lutomirski <l...@amacapital.net>
Cc: Will Drewry <w...@chromium.org>
---
Initial Landlock Kconfig needed to split the Landlock eBPF and seccomp
parts to ease the review.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: James Morris <james.l.mor...@oracle.com>
Cc: Kees Cook <keesc...@chromium.org>
Cc: Serge E. Hallyn <se...@hallyn.com&g
are listed in enum bpf_map_array_type
(e.g. BPF_MAP_ARRAY_TYPE_LANDLOCK_FS).
For now, this new arraymap is only used by Landlock LSM (cf. next
commits) but it could be useful for other needs.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@kernel.org>
Cc: Dav
to an eBPF function according to their types (e.g. the
bpf_landlock_cmp_fs_beneath_with_struct_file function can use a struct
file pointer).
For now, there is three hooks for file system access control:
* file_open;
* file_permission;
* mmap_file.
Signed-off-by: Mickaël Salaün <m...@digikod.net&
. path or glob string).
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Kees Cook <keesc...@chromium.org>
Cc: Alexei Starovoitov <a...@kernel.org>
Cc: James Morris <james.l.mor...@oracle.com>
Cc: Serge E. Hallyn <se...@hallyn.com>
Cc: David S. Miller <da...@d
/0' \
./sandbox /bin/sh -i
$ ls /home
user1
$ echo $$ > /sys/fs/cgroup/sandboxed/cgroup.procs
$ ls /home
ls: cannot open directory '/home': Permission denied
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Kees Cook <keesc...@chromium.org>
Cc: Alexei Starovoitov &
tive comments on the usability, architecture, code and userland API of
Landlock LSM.
Regards,
Mickaël Salaün (10):
landlock: Add Kconfig
bpf: Move u64_to_ptr() to BPF headers and inline it
bpf,landlock: Add a new arraymap type to deal with (Landlock) handles
seccomp: Split put_seccomp_filter() wit
and manipulate cgroups thanks to
cgroup delegation.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Kees Cook <keesc...@chromium.org>
Cc: Alexei Starovoitov <a...@kernel.org>
Cc: James Morris <james.l.mor...@oracle.com>
Cc: Serge E. Hallyn <se...@hallyn.com>
Cc: David S. M
Add a max errno value.
This is not strictly needed but should improve reliability.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Arnd Bergmann <a...@arndb.de>
Cc: Serge E. Hallyn <se...@hallyn.com>
Cc: James Morris <james.l.mor...@oracle.com>
Cc: Kees Coo
This helper will be useful for arraymap (next commit).
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@kernel.org>
Cc: David S. Miller <da...@davemloft.net>
Cc: Daniel Borkmann <dan...@iogearbox.net>
---
include/linux/bpf.h | 6 ++
On 25/08/2016 13:05, Andy Lutomirski wrote:
> On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün <m...@digikod.net> wrote:
>> Hi,
>>
>> This series is a proof of concept to fill some missing part of seccomp as the
>> ability to check syscall argument pointers
On 25/08/2016 13:12, Andy Lutomirski wrote:
> On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün <m...@digikod.net> wrote:
>> Add eBPF functions to compare file system access with a Landlock file
>> system handle:
>> * bpf_landlock_cmp_fs_prop_with_struct_f
On 25/08/2016 13:09, Andy Lutomirski wrote:
> On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün <m...@digikod.net> wrote:
>> Add an eBPF function bpf_landlock_cmp_cgroup_beneath(opt, map, map_op)
>> to compare the current process cgroup with a cgroup handle, The handle
>
/2016 02:35, James Morris wrote:
> On Mon, 1 Aug 2016, Mickaël Salaün wrote:
>
>> Hi,
>>
>> This series fix the recent seccomp update for the User-mode Linux
>> architecture
>> (32-bit and 64-bit) since commit 26703c636c1f ("um/ptrace: run seccomp after
>
On 30/08/2016 18:06, Andy Lutomirski wrote:
> On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün <m...@digikod.net> wrote:
>> Hi,
>>
>> This series is a proof of concept to fill some missing part of seccomp as the
>> ability to check syscall argument pointers
On 30/08/2016 22:23, Andy Lutomirski wrote:
> On Tue, Aug 30, 2016 at 1:20 PM, Mickaël Salaün <m...@digikod.net> wrote:
>>
>> On 30/08/2016 20:55, Andy Lutomirski wrote:
>>> On Sun, Aug 28, 2016 at 2:42 AM, Mickaël Salaün <m...@digikod.net> wrote:
>
On 30/08/2016 22:18, Andy Lutomirski wrote:
> On Tue, Aug 30, 2016 at 1:10 PM, Mickaël Salaün <m...@digikod.net> wrote:
>>
>> On 30/08/2016 20:56, Andy Lutomirski wrote:
>>> On Aug 25, 2016 12:34 PM, "Mickaël Salaün" <m...@digikod.net> wrote:
>>
On 30/08/2016 20:56, Andy Lutomirski wrote:
> On Aug 25, 2016 12:34 PM, "Mickaël Salaün" <m...@digikod.net> wrote:
>>
>> Add LSM hooks which can be used by userland through Landlock (eBPF)
>> programs. This programs are limited to a whitelist of functions (
On 30/08/2016 20:55, Andy Lutomirski wrote:
> On Sun, Aug 28, 2016 at 2:42 AM, Mickaël Salaün <m...@digikod.net> wrote:
>>
>>
>> On 28/08/2016 10:13, Andy Lutomirski wrote:
>>> On Aug 27, 2016 11:14 PM, "Mickaël Salaün" <m...@digikod.net&g
On 14/09/2016 20:51, Alexei Starovoitov wrote:
> On Wed, Sep 14, 2016 at 09:23:56AM +0200, Mickaël Salaün wrote:
>> This new arraymap looks like a set and brings new properties:
>> * strong typing of entries: the eBPF functions get the array type of
>> elements instead of
On 14/09/2016 09:24, Mickaël Salaün wrote:
> Add security access check for cgroup backed FD. The "cgroup.procs" file
> of the corresponding cgroup must be readable to identify the cgroup, and
> writable to prove that the current process can manage this cgroup (e.g.
&
On 14/09/2016 20:27, Andy Lutomirski wrote:
> On Wed, Sep 14, 2016 at 12:24 AM, Mickaël Salaün <m...@digikod.net> wrote:
>> Add a new flag CGRP_NO_NEW_PRIVS for each cgroup. This flag is initially
>> set for all cgroup except the root. The flag is clear when a n
On 14/09/2016 20:29, Andy Lutomirski wrote:
> On Wed, Sep 14, 2016 at 12:24 AM, Mickaël Salaün <m...@digikod.net> wrote:
>> This third origin of hook call should cover all possible trigger paths
>> (e.g. page fault). Landlock eBPF programs can then take decisions
>> ac
hooks attached to a cgroup
in more complicated ways (e.g. continuous inheritance), but care should
be taken to properly handle error cases (e.g. memory allocation errors).
Changes since v2:
* new design based on BPF_PROG_ATTACH (suggested by Alexei Starovoitov)
Signed-off-by: Mickaël Salaün &l
check done by
cgroup_procs_write_permission().
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@kernel.org>
Cc: Andy Lutomirski <l...@amacapital.net>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Daniel Mack <dan...@zonque.org>
Cc: David S. Miller <da...@davemlof
a process without no_new_privs to this cgroup will
be denied.
This allows to safely manage Landlock rules with cgroup delegation as
with seccomp.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@kernel.org>
Cc: Andy Lutomirski <l...@amacapital.net>
Cc: Da
/dev/null
+++ b/samples/landlock/sandbox.c
@@ -0,0 +1,307 @@
+/*
+ * Landlock LSM - Sandbox example
+ *
+ * Copyright (C) 2016 Mickaël Salaün <m...@digikod.net>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public
* bpf_get_prandom_u32
* bpf_get_current_pid_tgid
* bpf_get_current_uid_gid
* bpf_get_current_comm
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@kernel.org>
Cc: Andy Lutomirski <l...@amacapital.net>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Set struct seccomp_filter public because of the next use of
the new field thread_prev added for Landlock LSM.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Kees Cook <keesc...@chromium.org>
Cc: Andy Lutomirski <l...@amacapital.net>
Cc: Will Drewry <w...@chromium.or
unprivileged eBPF programs to use functions with (legitimate)
pointer arguments.
This bug was not a problem until now because the only unprivileged eBPF
program allowed is of type BPF_PROG_TYPE_SOCKET_FILTER and all the types
from its context are UNKNOWN_VALUE.
Signed-off-by: Mickaël Salaün <m...@digikod.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Kees Cook <keesc...@chromium.org>
Cc: Andy Lutomirski <l...@amacapital.net>
Cc: Will Drewry <w...@chromium.org>
---
kernel/seccomp.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/kernel/seccomp.c
This will be useful to support Landlock for the next commits.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@kernel.org>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: Daniel Mack <dan...@zonque.org>
Cc: David S. Miller <da...@dave
if the (optional) program subtype is
valid.
For now, only Landlock eBPF programs are using a program subtype but
this could be used by other program types in the future.
Cf. the next commit to see how the subtype is used by Landlock LSM.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Link:
This third origin of hook call should cover all possible trigger paths
(e.g. page fault). Landlock eBPF programs can then take decisions
accordingly.
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@kernel.org>
Cc: Andy Lutomirski <l...@amacapital.
This helper will be useful for arraymap (next commit).
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@kernel.org>
Cc: David S. Miller <da...@davemloft.net>
Cc: Daniel Borkmann <dan...@iogearbox.net>
---
include/linux/bpf.h | 6 ++
ed by Daniel Borkmann)
* new BPF context
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Alexei Starovoitov <a...@kernel.org>
Cc: Andy Lutomirski <l...@amacapital.net>
Cc: Daniel Borkmann <dan...@iogearbox.net>
Cc: David S. Miller <da...@davemloft.net>
Cc: James Morri
The semantic is unchanged. This will be useful for the Landlock
integration with seccomp (next commit).
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: Kees Cook <keesc...@chromium.org>
Cc: Andy Lutomirski <l...@amacapital.net>
Cc: Will Drewry <w...@chromium.org>
---
Initial Landlock Kconfig needed to split the Landlock eBPF and seccomp
parts to ease the review.
Changes from v2:
* add seccomp filter or cgroups (with eBPF programs attached support)
dependencies
Signed-off-by: Mickaël Salaün <m...@digikod.net>
Cc: James Morris <james.l.mor...@oracl
101 - 200 of 1481 matches
Mail list logo