Date: Thu, 25 Aug 2016 04:12:02 -0700
From: Andy Lutomirski
To: Mickaël Salaün, "Eric W. Biederman"
Cc: Alexei Starovoitov, Arnd Bergmann, Casey Schaufler,
	Daniel Borkmann, Daniel Mack, David Drysdale, "David S . Miller",
	Elena Reshetova, James Morris, Kees Cook, Paul Moore,
	Sargun Dhillon, "Serge E . Hallyn", Will Drewry,
	Linux API, LSM List, Network Development
Subject: Re: [RFC v2 08/10] landlock: Handle file system comparisons

On Thu, Aug 25, 2016 at 3:32 AM, Mickaël Salaün wrote:
> Add eBPF functions to compare file system access with a Landlock file
> system handle:
> * bpf_landlock_cmp_fs_prop_with_struct_file(prop, map, map_op, file)
>   This function allows comparing the dentry, inode, device or mount
>   point of the currently accessed file with a reference handle.
> * bpf_landlock_cmp_fs_beneath_with_struct_file(opt, map, map_op, file)
>   This function allows an eBPF program to check if the currently accessed
>   file is the same or in the hierarchy of a reference handle.
> The goal of file system handle is to abstract kernel objects such as a
> struct file or a struct inode. Userland can create this kind of handle
> thanks to the BPF_MAP_UPDATE_ELEM command. The element is a struct
> landlock_handle containing the handle type (e.g.
> BPF_MAP_HANDLE_TYPE_LANDLOCK_FS_FD) and a file descriptor. This could
> also be any description able to match a struct file or a struct inode
> (e.g. path or glob string).

This needs Eric's opinion.

Also, where do all the struct file *'s get stashed?  Are they
preserved in the arraymap?  What prevents reference cycles or absurdly
large numbers of struct files getting pinned?

