Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp1391449imm; Thu, 4 Oct 2018 12:51:50 -0700 (PDT) X-Google-Smtp-Source: ACcGV60E2yn4Fdub2B4z/pLAFKpuI5LYqJP8WRN/QMUtmW5BFdJJyMaKnMeezAZw1RnadiKUAESb X-Received: by 2002:a17:902:1121:: with SMTP id d30-v6mr7851535pla.250.1538682710882; Thu, 04 Oct 2018 12:51:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538682710; cv=none; d=google.com; s=arc-20160816; b=RX6Gp+IG25Nn1QLfvLWxAiaVcdsdv2/HRP2lIqAIBj58g5tL2zXyk1fmjHu1j8KYtO JSjNPamD8ToqHNINpvwN+OSRMnHlZzMqwhU9n0Z1XmXpUG2ffzRNhO3xx3/2Req5OpMh Ukrw+rp2roqTMjhtwDMzjWJAi/BDpiM6Z6BMwkxRrkRQM9Y8qfWhv5zlEFxRlKPRY6O1 qFW/zqeX7PbswQSzT3I40MOIEkJKYhN1nJgDcWOA4SP1dplICM+nbJ1oHIX41ZzxQvou t/yBPe7/BTYNedwkNDxQ9wP9JtgQOwDkmTOaIVtT8FLYvpWZBwByxwgbxezGhjp9ZqjO HL/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=IQgTDB1tgmOGWrvma7TyYlQKrPoy77My+MQO+xJ1W4w=; b=MyYM4c0ZWtEwf2EHZqcV07zd3N7RqfUEUSS9cw2SqyI7Po93uQ+dAK55qQnn3/WHAD 3s2JNGasCh2Em0J79Tr87IZkerW1tXj3soDStggRzFckm6vUP/VvHXtBjXDT6Ogzn/As XwrshmIArvwTmRJPY24Z18LdKchQ6iRf/w42EHKIQPpRH5IzNjOmC6Y5hEjPN/cFIXsu 7KOh7BSJn0Vpq7Xj91CyXTNbzZVtcud/eP3qAaDxZ9dhswqXWtiKjuBdKcf5waiioi7/ 10wtlYMPKH2O2oYdUlr7YZfOPYDkx7TIXoE9Q7xnRN5ZFGdEOIQ4gpR2y+bD/hbLm2Wo r/aQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=Lk1ekR8E; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 1-v6si6097554plw.121.2018.10.04.12.51.34; Thu, 04 Oct 2018 12:51:50 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=Lk1ekR8E; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727601AbeJECp7 (ORCPT + 99 others); Thu, 4 Oct 2018 22:45:59 -0400 Received: from mail-wr1-f67.google.com ([209.85.221.67]:40963 "EHLO mail-wr1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727354AbeJECp7 (ORCPT ); Thu, 4 Oct 2018 22:45:59 -0400 Received: by mail-wr1-f67.google.com with SMTP id x12-v6so11193949wru.8 for ; Thu, 04 Oct 2018 12:51:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amacapital-net.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=IQgTDB1tgmOGWrvma7TyYlQKrPoy77My+MQO+xJ1W4w=; b=Lk1ekR8E0VLkVy40NAgQMBd8DKR1XNIe5fuR1XTcaDmpEVwJD6jhNfOrgnDcZCibcR VaGzjVqV+Qk4NztTgaRErHqLeak6aiHjvEEH8GFOceC6deuz23gCc0rR5MgzOtNMJlSF kAwMVsa0dVKA0sJFrnqqH+HyXf6t7aIXXhGx+IZNaDf0xEuuzjEvHNMNk2kFZSCmEypp yMGRH4OeM09ujdPSH2m1G1wrXglCAyq5kEZxI5DnW3tkmSbzFqk4dvLL3SgDNaXPLeXM HRr/y+kmOOSLqllEfXsUSuD7mR6OivlN/BJ0zVZbh1fMjbBGQ5uiWa5/uTSFdyTC+G6G aBYg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=IQgTDB1tgmOGWrvma7TyYlQKrPoy77My+MQO+xJ1W4w=; b=nThwdLYwncN/K1wXmQKgETT8zxyZHvR9B2cf8n0MNluRxJPg9vcLS/zM5chCfVwzFY oDOrepU18xpaea0IJzB5NA+/WGmfV5OssT0iMa3yl/owI517I3rWSbkCAJnGYjIRty+p rRX+llU1cB/vxc8C2JllxVyyh7McmIvGbYHH1p3OtAkmFP9FcHedD1BHb0vu/RU6h7Kb sfbe+cTh9GiSVHAy8LuVDJ5PVoWm0s4uhB2KznRNu1UIH6Y1KQC4XWaHGhA1NchzEZJJ MVcSMXqcnncmGcoS4KUE0rmUHGclYxdlvjSAQwYLRTOXaWCHH7nXBuJo8TB8hvQniarx 7A+g== X-Gm-Message-State: ABuFfohlB5joOK8/VzFExmlznBNbFqaxkKPvKHd28CGmAq9aP7m8cE1d exRhC++qlVvS8jBK70nqmXbcm4Oia4ik43c5ZRlp4Q== X-Received: by 2002:adf:b188:: with SMTP id q8-v6mr5931305wra.95.1538682672172; Thu, 04 Oct 2018 12:51:12 -0700 (PDT) MIME-Version: 1.0 References: <20181004025750.498303-1-ast@kernel.org> <20181004025750.498303-2-ast@kernel.org> <20181004194123.GA12697@castle.DHCP.thefacebook.com> In-Reply-To: <20181004194123.GA12697@castle.DHCP.thefacebook.com> From: Andy Lutomirski Date: Thu, 4 Oct 2018 12:51:00 -0700 Message-ID: Subject: Re: [PATCH bpf-next 1/6] bpf: introduce BPF_PROG_TYPE_FILE_FILTER To: Roman Gushchin Cc: Alexei Starovoitov , "David S. Miller" , Daniel Borkmann , Al Viro , Network Development , LKML , kernel-team Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Oct 4, 2018 at 12:41 PM Roman Gushchin wrote: > > On Wed, Oct 03, 2018 at 07:57:45PM -0700, Alexei Starovoitov wrote: > > Similar to networking sandboxing programs and cgroup-v2 based hooks > > (BPF_CGROUP_INET_[INGRESS|EGRESS,] BPF_CGROUP_INET[4|6]_[BIND|CONNECT], etc) > > introduce basic per-container sandboxing for file access via > > new BPF_PROG_TYPE_FILE_FILTER program type that attaches after > > security_file_open() LSM hook and works as additional file_open filter. > > The new cgroup bpf hook is called BPF_CGROUP_FILE_OPEN. > > > > Just like other cgroup-bpf programs new BPF_PROG_TYPE_FILE_FILTER type > > is only available to root. > > > > This program type has access to single argument 'struct bpf_file_info' > > that contains standard sys_stat fields: > > struct bpf_file_info { > > __u64 inode; > > __u32 dev_major; > > __u32 dev_minor; > > __u32 fs_magic; > > __u32 mnt_id; > > __u32 nlink; > > __u32 mode; /* file mode S_ISDIR, S_ISLNK, 0755, etc */ > > __u32 flags; /* open flags O_RDWR, O_CREAT, etc */ > > }; > > It's probably nice to have file uid/gid as well. And an indication of which mount namespace we're looking at. --Andy