Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp443226imm;
        Wed, 3 Oct 2018 19:58:42 -0700 (PDT)
X-Google-Smtp-Source: ACcGV63LQ0xJtGjZl7hRHk/uVQGP/LKqwNo+zaK+WMsx7N70GZSlTr/fE4lUqc4I7vuaD6BQpsyy
X-Received: by 2002:a17:902:2b84:: with SMTP id l4-v6mr4518847plb.265.1538621922687;
        Wed, 03 Oct 2018 19:58:42 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1538621922; cv=none;
        d=google.com; s=arc-20160816;
        b=hljFoQFH6khM9DXO7GKsZPlBqy+fe42Mki5CkCDShztbrD1JCmUm2iCz4vau3B1pS7
         tivphbixbc4jTy4JArUAtat1GIV7ff0VhNVZTz21HcYKXMCMMGDhf1tm1CuOG8pb8fLn
         MAt+s0XLWnAjE2Gy1moSwKr415V1Ln0UAQ+eyv0neIk7BlxF4KOZ0zUfdyi14d5YdsZS
         MBUOEltcWy+W+bDltgvz3I45XcgDF9Gl5cdEpABTcX+2XggDdHieyFbxopCkLSyUOUBI
         eeTZJDTOnj0xV/cAuc+3x9+2qMZNn6mB0rJwQFGbZxoeWVahSVja661v0t++VGoF/fNT
         tZNw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:message-id:date:subject
         :smtp-origin-cluster:cc:to:smtp-origin-hostname:from
         :smtp-origin-hostprefix;
        bh=nfdLSCiwRKHMLYT8RGyMwTBnSEVS6zmys38gF2BmMSw=;
        b=lKIZJ7Vldl/9TloA3YWLWJ6TQFAXqeAIqsG3QWL+41IbaLuf7PblAhgwrTESfRhrm1
         o+GQJaEJLsLX9o2zVoZoMNsH81dvHUpe3yWtgfrWGMtfgUhVHp8X/UY7BfNtyruWalU/
         6SHWhcR+yD2KpGG6SgLfFZ9jVLgKCW5147G5r0NM293QcQDkTMt/t9K1tgNslS0A5YPe
         9WzXMCl2LsxCjAuhkCOZGDBwHJAJdrFYstC/gBwDcW5iIA1o+3+xr3SyK21L+HWjQ96K
         6IMz2CkXTw533I/6qV+t/7CrwRn5T+H1QlicqV0/d5P55tJF/OKCPoBL5QD4lz2baz0v
         lp3A==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id w6-v6si3181994pgp.42.2018.10.03.19.58.27;
        Wed, 03 Oct 2018 19:58:42 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727558AbeJDJtV (ORCPT <rfc822;saikripd@gmail.com> + 99 others);
        Thu, 4 Oct 2018 05:49:21 -0400
Received: from mx0a-00082601.pphosted.com ([67.231.145.42]:42006 "EHLO
        mx0a-00082601.pphosted.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1727470AbeJDJtK (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 4 Oct 2018 05:49:10 -0400
Received: from pps.filterd (m0044008.ppops.net [127.0.0.1])
        by mx0a-00082601.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w942mrBg031859
        for <linux-kernel@vger.kernel.org>; Wed, 3 Oct 2018 19:57:57 -0700
Received: from mail.thefacebook.com ([199.201.64.23])
        by mx0a-00082601.pphosted.com with ESMTP id 2mw8aygags-1
        (version=TLSv1 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NOT)
        for <linux-kernel@vger.kernel.org>; Wed, 03 Oct 2018 19:57:57 -0700
Received: from mx-out.facebook.com (192.168.52.123) by mail.thefacebook.com
 (192.168.16.20) with Microsoft SMTP Server (TLS) id 14.3.361.1; Wed, 3 Oct
 2018 19:57:56 -0700
Received: by devbig007.ftw2.facebook.com (Postfix, from userid 572438)  id
 EF6FF760B51; Wed,  3 Oct 2018 19:57:50 -0700 (PDT)
Smtp-Origin-Hostprefix: devbig
From:   Alexei Starovoitov <ast@kernel.org>
Smtp-Origin-Hostname: devbig007.ftw2.facebook.com
To:     "David S . Miller" <davem@davemloft.net>
CC:     <daniel@iogearbox.net>, <luto@amacapital.net>,
        <viro@zeniv.linux.org.uk>, <netdev@vger.kernel.org>,
        <linux-kernel@vger.kernel.org>, <kernel-team@fb.com>
Smtp-Origin-Cluster: ftw2c04
Subject: [PATCH bpf-next 0/6] bpf: introduce BPF_CGROUP_FILE_OPEN
Date:   Wed, 3 Oct 2018 19:57:44 -0700
Message-ID: <20181004025750.498303-1-ast@kernel.org>
X-Mailer: git-send-email 2.17.1
X-FB-Internal: Safe
MIME-Version: 1.0
Content-Type: text/plain
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2018-10-04_01:,,
 signatures=0
X-Proofpoint-Spam-Reason: safe
X-FB-Internal: Safe
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi All,

Similar to networking sandboxing programs and cgroup-v2 based hooks
(BPF_CGROUP_INET_[INGRESS|EGRESS,] BPF_CGROUP_INET[4|6]_[BIND|CONNECT], etc)
introduce basic per-container sandboxing for file access via
new BPF_PROG_TYPE_FILE_FILTER program type that attaches after
security_file_open() LSM hook and works as additional file_open filter.
The new cgroup bpf hook is called BPF_CGROUP_FILE_OPEN.

Just like other cgroup-bpf programs new BPF_PROG_TYPE_FILE_FILTER type
is only available to root.

Use cases:
- disallow certain FS types within containers (fs_magic == CGROUP2_SUPER_MAGIC)
- restrict permissions in particular mount (mnt_id == X && (flags & O_RDWR))
- disallow access to hard linked sensitive files (nlink > 1 && mode == 0700)
- disallow access to world writeable files (mode == 0..7)
- disallow access to given set of files (dev_major == X && dev_minor == Y && inode == Z)

Alexei Starovoitov (6):
  bpf: introduce BPF_PROG_TYPE_FILE_FILTER
  fs: wire in BPF_CGROUP_FILE_OPEN hook
  tools/bpf: sync uapi/bpf.h
  trace/bpf: allow %o modifier in bpf_trace_printk
  libbpf: support BPF_CGROUP_FILE_OPEN in libbpf
  selftests/bpf: add a test for BPF_CGROUP_FILE_OPEN

 fs/open.c                                     |   4 +
 include/linux/bpf-cgroup.h                    |  10 +
 include/linux/bpf_types.h                     |   1 +
 include/uapi/linux/bpf.h                      |  28 ++-
 kernel/bpf/cgroup.c                           | 171 ++++++++++++++++++
 kernel/bpf/syscall.c                          |   7 +
 kernel/trace/bpf_trace.c                      |   2 +-
 tools/include/uapi/linux/bpf.h                |  28 ++-
 tools/lib/bpf/libbpf.c                        |   3 +
 tools/testing/selftests/bpf/.gitignore        |   1 +
 tools/testing/selftests/bpf/Makefile          |   6 +-
 tools/testing/selftests/bpf/bpf_helpers.h     |   2 +
 tools/testing/selftests/bpf/test_file_open.c  | 154 ++++++++++++++++
 .../selftests/bpf/test_file_open_common.h     |  13 ++
 .../selftests/bpf/test_file_open_kern.c       |  48 +++++
 15 files changed, 473 insertions(+), 5 deletions(-)
 create mode 100644 tools/testing/selftests/bpf/test_file_open.c
 create mode 100644 tools/testing/selftests/bpf/test_file_open_common.h
 create mode 100644 tools/testing/selftests/bpf/test_file_open_kern.c

-- 
2.17.1