Date: Thu, 4 Oct 2018 15:23:13 -0700
From: Alexei Starovoitov
To: Andy Lutomirski
Cc: Roman Gushchin, Alexei Starovoitov, "David S. Miller", Daniel Borkmann, Al Viro, Network Development, LKML, kernel-team
Subject: Re: [PATCH bpf-next 1/6] bpf: introduce BPF_PROG_TYPE_FILE_FILTER
Message-ID: <20181004222312.3vvyvibx6dc4vqwt@ast-mbp.dhcp.thefacebook.com>
References: <20181004025750.498303-1-ast@kernel.org> <20181004025750.498303-2-ast@kernel.org> <20181004194123.GA12697@castle.DHCP.thefacebook.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Oct 04, 2018 at 12:51:00PM -0700, Andy Lutomirski wrote:
> On Thu, Oct 4, 2018 at 12:41 PM Roman Gushchin wrote:
> >
> > On Wed, Oct 03, 2018 at 07:57:45PM -0700, Alexei Starovoitov wrote:
> > > Similar to networking sandboxing programs and cgroup-v2 based hooks
> > > (BPF_CGROUP_INET_[INGRESS|EGRESS,] BPF_CGROUP_INET[4|6]_[BIND|CONNECT], etc)
> > > introduce basic per-container sandboxing for file access via
> > > new BPF_PROG_TYPE_FILE_FILTER program type that attaches after
> > > security_file_open() LSM hook and works as additional file_open filter.
> > > The new cgroup bpf hook is called BPF_CGROUP_FILE_OPEN.
> > >
> > > Just like other cgroup-bpf programs new BPF_PROG_TYPE_FILE_FILTER type
> > > is only available to root.
> > >
> > > This program type has access to single argument 'struct bpf_file_info'
> > > that contains standard sys_stat fields:
> > > struct bpf_file_info {
> > >     __u64 inode;
> > >     __u32 dev_major;
> > >     __u32 dev_minor;
> > >     __u32 fs_magic;
> > >     __u32 mnt_id;
> > >     __u32 nlink;
> > >     __u32 mode;  /* file mode S_ISDIR, S_ISLNK, 0755, etc */
> > >     __u32 flags; /* open flags O_RDWR, O_CREAT, etc */
> > > };
> >
> > It's probably nice to have file uid/gid as well.
>
> And an indication of which mount namespace we're looking at.

Both certainly can be added in the future without breaking progs.
I didn't want to add too much all at once.
For file uid/gid I prototyped
bpf_get_statx(struct bpf_file_info *file, int flags, int mask, struct statx *sx, int size);
helper that calls normal statx underneath.
But it's not fast, since sizeof(struct statx) == 256 and it has to be
fully inited by the helper or by the bpf prog
(since bpf doesn't allow uninited memory anywhere).
Then I thought about going back to older sys_stat helper (without x),
since structs are smaller, but that didn't look as good either.
So I've decided to table it for now and get the basic support via
'struct bpf_file_info' first. Then extend it later via new fields and new helpers.