Date: Mon, 18 Dec 2023 16:55:13 -0800
From: Jakub Kicinski
To: torvalds@linuxfoundation.org
Cc: Alexei Starovoitov, davem@davemloft.net, edumazet@google.com, pabeni@redhat.com, daniel@iogearbox.net, andrii@kernel.org, peterz@infradead.org, brauner@kernel.org, netdev@vger.kernel.org, bpf@vger.kernel.org, kernel-team@fb.com, linux-kernel@vger.kernel.org
Subject: Re: pull-request: bpf-next 2023-12-18
Message-ID: <20231218165513.24717ec1@kernel.org>
In-Reply-To: <20231219000520.34178-1-alexei.starovoitov@gmail.com>

On Mon, 18 Dec 2023 16:05:20 -0800 Alexei Starovoitov wrote:
> 2) Introduce BPF token object, from Andrii Nakryiko.
>    It adds an ability to delegate a subset of BPF features from privileged daemon
>    (e.g., systemd) through special mount options for userns-bound BPF FS to a
>    trusted unprivileged application. The design accommodates suggestions from
>    Christian Brauner and Paul Moore.
>    Example:
>    $ sudo mkdir -p /sys/fs/bpf/token
>    $ sudo mount -t bpf bpffs /sys/fs/bpf/token \
>              -o delegate_cmds=prog_load:MAP_CREATE \
>              -o delegate_progs=kprobe \
>              -o delegate_attachs=xdp

LGTM, but what do I know about file systems..

Adding LKML to the CC list, if anyone has any late comments on the BPF token
come forward now, pretty please?
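
An added example, not part of the original message or of the BPF token patch set: a small audit helper that scans /proc/self/mountinfo-style text for BPF FS mounts carrying `delegate_*` options, so an administrator can see which mount points hand out BPF features and how broadly. The function name, the sample lines and the treatment of the value `any` as "everything delegated" are assumptions of this example; the kernel may render the option values differently (for instance numerically), and they are reported as found.

```python
# Added example: list bpffs mounts that delegate BPF features.
# SAMPLE_MOUNTINFO is constructed for illustration, using the option
# spelling from the quoted pull request.
SAMPLE_MOUNTINFO = """\
25 1 0:23 / /sys rw,nosuid,nodev,noexec,relatime shared:7 - sysfs sysfs rw
41 25 0:35 / /sys/fs/bpf rw,nosuid,nodev,noexec,relatime shared:12 - bpf bpf rw,mode=700
97 41 0:52 / /sys/fs/bpf/token rw,relatime - bpf bpffs rw,delegate_cmds=prog_load:MAP_CREATE,delegate_progs=kprobe,delegate_attachs=xdp
102 41 0:53 / /run/demo/bpf rw,relatime - bpf bpffs rw,delegate_cmds=any
"""


def parse_bpffs_delegation(mountinfo_text):
    """Return one finding per bpffs mount that has delegate_* options."""
    findings = []
    for line in mountinfo_text.splitlines():
        # mountinfo layout: <per-mount fields> " - " <fstype> <source> <super opts>
        left, sep, right = line.partition(" - ")
        pre, post = left.split(), right.split()
        if not sep or len(pre) < 5 or len(post) < 3 or post[0] != "bpf":
            continue
        delegated = {}
        for opt in post[2].split(","):
            key, eq, value = opt.partition("=")
            if eq and key.startswith("delegate_"):
                # Values on the page are colon-separated lists.
                delegated[key] = value.lower().split(":")
        if not delegated:
            continue  # ordinary bpffs mount, nothing delegated
        findings.append({
            "mount_point": pre[4],
            "delegated": delegated,
            # Assumption: "any" means the whole category is delegated.
            "broad": sorted(k for k, v in delegated.items() if "any" in v),
        })
    return findings


if __name__ == "__main__":
    for f in parse_bpffs_delegation(SAMPLE_MOUNTINFO):
        flag = "  [BROAD: %s]" % ",".join(f["broad"]) if f["broad"] else ""
        print(f["mount_point"], f["delegated"], flag)
```

On a live system, pass the contents of /proc/self/mountinfo (or /proc/<pid>/mountinfo for a process inside the user namespace of interest) instead of the sample text.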