Re: [PATCH net-next v5 5/5] selinux: bpf: Add addtional check for bpf object file receive

On Mon, Oct 16, 2017 at 9:34 AM, Stephen Smalley wrote: > On Thu, 2017-10-12 at 13:55 -0700, Chenbo Feng wrote: >> From: Chenbo Feng >> >> Introduce a bpf object related check when sending and receiving files >> through unix domain socket as well as binder.

Re: [PATCH net-next v5 5/5] selinux: bpf: Add addtional check for bpf object file receive

On Thu, 2017-10-12 at 13:55 -0700, Chenbo Feng wrote: > From: Chenbo Feng > > Introduce a bpf object related check when sending and receiving files > through unix domain socket as well as binder. It checks if the > receiving > process have privilege to read/write the bpf map or

Re: [PATCH net-next v5 5/5] selinux: bpf: Add addtional check for bpf object file receive

On Thu, 2017-10-12 at 13:55 -0700, Chenbo Feng wrote: > From: Chenbo Feng > > Introduce a bpf object related check when sending and receiving files > through unix domain socket as well as binder. It checks if the > receiving > process have privilege to read/write the bpf map or

[PATCH net-next v5 5/5] selinux: bpf: Add addtional check for bpf object file receive

From: Chenbo Feng Introduce a bpf object related check when sending and receiving files through unix domain socket as well as binder. It checks if the receiving process have privilege to read/write the bpf map or use the bpf program. This check is necessary because the bpf maps