Re: [PATCH net-next 4/4] selinux: bpf: Add addtional check for bpf object file receive

2017-10-06 Thread Chenbo Feng
On Thu, Oct 5, 2017 at 11:26 AM, Stephen Smalley wrote:
> On Thu, 2017-10-05 at 09:37 -0400, Stephen Smalley wrote:
>> On Wed, 2017-10-04 at 11:29 -0700, Chenbo Feng wrote:
>> > From: Chenbo Feng
>> >
>> > Introduce a bpf object related check when sending

Re: [PATCH net-next 4/4] selinux: bpf: Add addtional check for bpf object file receive

2017-10-06 Thread Chenbo Feng
On Thu, Oct 5, 2017 at 6:37 AM, Stephen Smalley wrote:
> On Wed, 2017-10-04 at 11:29 -0700, Chenbo Feng wrote:
>> From: Chenbo Feng
>>
>> Introduce a bpf object related check when sending and receiving files
>> through unix domain socket as well as binder.

Re: [PATCH net-next 4/4] selinux: bpf: Add addtional check for bpf object file receive

2017-10-05 Thread Stephen Smalley
On Thu, 2017-10-05 at 09:37 -0400, Stephen Smalley wrote:
> On Wed, 2017-10-04 at 11:29 -0700, Chenbo Feng wrote:
> > From: Chenbo Feng
> >
> > Introduce a bpf object related check when sending and receiving
> > files
> > through unix domain socket as well as binder. It checks

Re: [PATCH net-next 4/4] selinux: bpf: Add addtional check for bpf object file receive

2017-10-05 Thread Stephen Smalley
On Wed, 2017-10-04 at 11:29 -0700, Chenbo Feng wrote:
> From: Chenbo Feng
>
> Introduce a bpf object related check when sending and receiving files
> through unix domain socket as well as binder. It checks if the
> receiving
> process have privilege to read/write the bpf map or

Re: [PATCH net-next 4/4] selinux: bpf: Add addtional check for bpf object file receive

2017-10-04 Thread Daniel Borkmann
On 10/05/2017 01:44 AM, Daniel Borkmann wrote: On 10/04/2017 08:29 PM, Chenbo Feng wrote: From: Chenbo Feng Introduce a bpf object related check when sending and receiving files through unix domain socket as well as binder. It checks if the receiving process have privilege

Re: [PATCH net-next 4/4] selinux: bpf: Add addtional check for bpf object file receive

2017-10-04 Thread Daniel Borkmann
On 10/04/2017 08:29 PM, Chenbo Feng wrote: From: Chenbo Feng Introduce a bpf object related check when sending and receiving files through unix domain socket as well as binder. It checks if the receiving process have privilege to read/write the bpf map or use the bpf program.