Re: [net-next RFC v2 4/9] bpf, security: Add Checmate security LSM and BPF program type

2016-08-29 Thread Sargun Dhillon
On Mon, Aug 29, 2016 at 02:49:17PM -0700, Alexei Starovoitov wrote: > On 8/29/16 12:24 PM, Tejun Heo wrote: > >Hello, Sargun. > > > >On Mon, Aug 29, 2016 at 11:49:07AM -0700, Sargun Dhillon wrote: > >>It would be a separate hook per LSM hook. Why wouldn't we want a separate > >>bpf > >>hook per ls

Re: [net-next RFC v2 4/9] bpf, security: Add Checmate security LSM and BPF program type

2016-08-29 Thread Andy Lutomirski
On Aug 29, 2016 3:19 PM, "Mickaël Salaün" wrote: > > > On 29/08/2016 23:49, Alexei Starovoitov wrote: > > On 8/29/16 12:24 PM, Tejun Heo wrote: > >> Hello, Sargun. > >> > >> On Mon, Aug 29, 2016 at 11:49:07AM -0700, Sargun Dhillon wrote: > >>> It would be a separate hook per LSM hook. Why wouldn't

Re: [net-next RFC v2 4/9] bpf, security: Add Checmate security LSM and BPF program type

2016-08-29 Thread Mickaël Salaün
On 29/08/2016 23:49, Alexei Starovoitov wrote: > On 8/29/16 12:24 PM, Tejun Heo wrote: >> Hello, Sargun. >> >> On Mon, Aug 29, 2016 at 11:49:07AM -0700, Sargun Dhillon wrote: >>> It would be a separate hook per LSM hook. Why wouldn't we want a >>> separate bpf >>> hook per lsm hook? I think if one

Re: [net-next RFC v2 4/9] bpf, security: Add Checmate security LSM and BPF program type

2016-08-29 Thread Alexei Starovoitov
On 8/29/16 12:24 PM, Tejun Heo wrote: Hello, Sargun. On Mon, Aug 29, 2016 at 11:49:07AM -0700, Sargun Dhillon wrote: It would be a separate hook per LSM hook. Why wouldn't we want a separate bpf hook per lsm hook? I think if one program has to handle them all, the first program would be looking

Re: [net-next RFC v2 4/9] bpf, security: Add Checmate security LSM and BPF program type

2016-08-29 Thread Tejun Heo
Hello, Sargun. On Mon, Aug 29, 2016 at 11:49:07AM -0700, Sargun Dhillon wrote: > It would be a separate hook per LSM hook. Why wouldn't we want a separate bpf > hook per lsm hook? I think if one program has to handle them all, the first > program would be looking up the hook program in a bpf pro

Re: [net-next RFC v2 4/9] bpf, security: Add Checmate security LSM and BPF program type

2016-08-29 Thread Sargun Dhillon
On Mon, Aug 29, 2016 at 01:01:18PM -0400, Tejun Heo wrote: > Hello, > > On Mon, Aug 29, 2016 at 04:47:07AM -0700, Sargun Dhillon wrote: > > This patch adds a minor LSM, Checmate. Checmate is a flexible programmable, > > extensible minor LSM that's coupled with cgroups and BPF. It is designed to >

Re: [net-next RFC v2 4/9] bpf, security: Add Checmate security LSM and BPF program type

2016-08-29 Thread Tejun Heo
Hello, On Mon, Aug 29, 2016 at 04:47:07AM -0700, Sargun Dhillon wrote: > This patch adds a minor LSM, Checmate. Checmate is a flexible programmable, > extensible minor LSM that's coupled with cgroups and BPF. It is designed to > enforce container-specific policies. It is also a cgroupv2 controller

[net-next RFC v2 4/9] bpf, security: Add Checmate security LSM and BPF program type

2016-08-29 Thread Sargun Dhillon
This patch adds a minor LSM, Checmate. Checmate is a flexible programmable, extensible minor LSM that's coupled with cgroups and BPF. It is designed to enforce container-specific policies. It is also a cgroupv2 controller. By itself, it doesn't do very much, but in conjunction with an orchestrator c