| Message ID | 20231018105033.13669-13-michael.weiss@aisec.fraunhofer.de |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a05:612c:2908:b0:403:3b70:6f57 with SMTP id
ib8csp4701319vqb;
Wed, 18 Oct 2023 03:52:07 -0700 (PDT)
X-Google-Smtp-Source:
AGHT+IELUhUYr2VAcVzEHYnOlRV4Q6rnf948yK3TS0WNf3YChKwqke2jgPst5yeZkM5Ys4gDyJ8h
X-Received: by 2002:a17:902:760d:b0:1c6:2b3d:d918 with SMTP id
k13-20020a170902760d00b001c62b3dd918mr4974343pll.3.1697626327133;
Wed, 18 Oct 2023 03:52:07 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1697626327; cv=none;
d=google.com; s=arc-20160816;
b=dNcfn++s5FKb6LXA1q3umK857MjUkRXs5QwbrwQIluHGPefsDmzaYjqnwQLtOPYkZY
+rmmnuwOIi9EJTWee5kj2DArNHvorYKaL3esTuECuJ++HZcKmepkcBpNHc4KlOgA16OY
ipFgJv0NDqWXYvPSX2Jl1s17e/AWnbzqYWZ2ZE3LdmRSg/S8df5rEBrfGaCvZ66p+NeD
gbPJuO1Z5uUhOEG0msSlAy80e2x/BivWSVDM3kL6J+aW3UoFcZVTCX/P3iyMASWuhMt8
0jxFJahaEUrFNKIQlNn+6x4zVIaWwen5Bm7lV/++4k8EpGmBLeMFFWIWdGdUmHE1JMsn
Fp0Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:ui-outboundreport:content-transfer-encoding
:mime-version:references:in-reply-to:message-id:date:subject:cc:to
:from;
bh=HdAPg1z7sS0AGvd4vqaFHr3rIQ9eRjIceGAqFce53I8=;
fh=c4ql7d5QsFreQmYQr7ycbAsMayBEmNUOv2nmR/PVp9M=;
b=KLnNQ3uXxZSU6/IK6TprLLtF8AAfvKhAVCaZLm53W+MehhUz0jHogFeVAO9JN0iWr7
QkawX82TgHVeg7BvJiXuQQjFTmaY2Aasq3sr38b1zSPCAj+HDTcYmm8NxK9Twzdmx9gD
OLqzWvKbm3XMKYZ75mvVW1EXmbJL8xIcxdvTpKCyAf38TTD555Ua8KmIxeg/ufkoMnO7
PuOs0hmBA8t/hrp7Ara76KYBK+GCOcC2tRng4LL72hGVrZNQDpM6+p5bS5gaa+vrPmRj
e/YV20KsVPz1YTEcUFZxYuozQUkXr8mQ8zc/iIxbD9PB9hGTr5j6CJL66urwEjN2wjeN
/w9A==
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::3:1 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de
Received: from morse.vger.email (morse.vger.email. [2620:137:e000::3:1])
by mx.google.com with ESMTPS id
h12-20020a170902704c00b001c62139b164si3869737plt.38.2023.10.18.03.52.06
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 18 Oct 2023 03:52:07 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::3:1 as permitted sender)
client-ip=2620:137:e000::3:1;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::3:1 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
by morse.vger.email (Postfix) with ESMTP id 2C7568031AEE;
Wed, 18 Oct 2023 03:52:05 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at morse.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S230398AbjJRKvu (ORCPT <rfc822;lkml4gm@gmail.com> + 24 others);
Wed, 18 Oct 2023 06:51:50 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48966 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229605AbjJRKvc (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Wed, 18 Oct 2023 06:51:32 -0400
Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.135])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 45F30F9;
Wed, 18 Oct 2023 03:51:27 -0700 (PDT)
Received: from weisslap.aisec.fraunhofer.de ([91.67.186.133]) by
mrelayeu.kundenserver.de (mreue012 [212.227.15.167]) with ESMTPSA (Nemesis)
id 1MfL5v-1rTTgR3Mkt-00grKp; Wed, 18 Oct 2023 12:51:04 +0200
From: =?utf-8?q?Michael_Wei=C3=9F?= <michael.weiss@aisec.fraunhofer.de>
To: Alexander Mikhalitsyn <alexander@mihalicyn.com>,
Christian Brauner <brauner@kernel.org>,
Alexei Starovoitov <ast@kernel.org>,
Paul Moore <paul@paul-moore.com>
Cc: Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>, Martin KaFai Lau <martin.lau@linux.dev>,
Song Liu <song@kernel.org>, Yonghong Song <yhs@fb.com>,
John Fastabend <john.fastabend@gmail.com>, KP Singh <kpsingh@kernel.org>,
Stanislav Fomichev <sdf@google.com>, Hao Luo <haoluo@google.com>,
Jiri Olsa <jolsa@kernel.org>, Quentin Monnet <quentin@isovalent.com>,
Alexander Viro <viro@zeniv.linux.org.uk>, Miklos Szeredi <miklos@szeredi.hu>,
Amir Goldstein <amir73il@gmail.com>, "Serge E. Hallyn" <serge@hallyn.com>,
bpf@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-fsdevel@vger.kernel.org, gyroidos@aisec.fraunhofer.de, =?utf-8?q?Mich?=
=?utf-8?q?ael_Wei=C3=9F?= <michael.weiss@aisec.fraunhofer.de>
Subject: [RFC PATCH v2 12/14] bpf: Add flag BPF_DEVCG_ACC_MKNOD_UNS for device
access
Date: Wed, 18 Oct 2023 12:50:31 +0200
Message-Id: <20231018105033.13669-13-michael.weiss@aisec.fraunhofer.de>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de>
References: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Provags-ID: V03:K1:jFFIwS4qwpApd71uT5/zzBofJHrQqQbMnQCJHEMIWW1Lqc23Bv6
CLaXIgZryPTHHNnoyvu1YqBoKOYSFhL+2PrXRkZWBsk2opEc0nVBAFlgDl0hobyxG49s0Ud
9YG/8xesCxM8FUqNmbqiQ6caI/0dbJYKNpvwSg28bF8XMhCPg66tLPMklXLhksz8jbOX5Be
XCthwxUiwm541vxbY+hXA==
UI-OutboundReport: notjunk:1;M01:P0:MNEgPA54IMs=;me9EvLyitsl0wTv0UsXt+4LxB3G
Eh0yoMuL7/IahwR85VE3A2qEg6zChPO0GZuzIR1zs5Jg9SQnajBFHzvj7/g7SVxDbaGwPtDbu
F7Hh5GIa0i+RmWI2OzLgXPGBCqe1A7h2DTWlvI0zAdlwwinvGaZhoqZ/NaZcM7ktbEvFazgys
+ivqxBeoHVCwclRyx88ZiwSpRjr7SNnUbuRV/dqHyTy5KHLL7dNamTRD92l9Xvpsu5E1MmTA8
c9ethuj7kCZbBt3Hso5+dXjLc5K+xJp9sV9uJhSh9jYzP5ZxTSygD/VTo6gjBfUO/QqwHgDiz
DN2b3nPQ/Ka+xDOyXiogyMb+RiDo5eN28l7YLzEZPZvOIlPKyR1gniVBBmHIN1hGqPnHaSUmq
b096EXkbEEbEKE+sSxGYr8MAb8Xjc/tEqzIIQ8yAW1iJquYM1rZGrICDCSHwkSblINPpsfULD
OdI1QFuBmuuSEYvCwaFLYlELH/MEGqntz5GEbi2VrFAQs7RNDTYrKHHwz0V3HECnp0MHGCyla
iIDYh6MStky1f2Z112vlezC18zvZI7y5xmNfx4rMXFvaPoYgP1J5I4aBxDVhvdBZVUpQ/9WWq
WCQSyKBPIt7tOt1AM4T9pEtbme68dVzHEj00Wu0WrfYAA9EttXA75nqVYaJNdFdSkaklL6sqq
OMnVc+K/LfD5LpC5oMG9OB3Jl4ELffgkabBtNhPqXE3IZDE5g0pkAdhiM75yPFDKgXL+KleWt
IMJuv7bdK+xSGELVf0mabwDYZ+t2hJx2tfHTDauWnBOqCEULvpciMaMv2o/ulUR7MMl/umNkW
YpMPYmf7O+6hjzc9yOYOXJEHoSp2/IbkkvZhSkf2YDawB4xecEGdSdap2eMAwzEW6v+VOUjNx
E6VXNm2pv7kGcVsIISJwHqEvFCyj8YoVj7KA=
X-Spam-Status: No,
score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS,
MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test,
not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]);
Wed, 18 Oct 2023 03:52:05 -0700 (PDT)
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1780090224025498579
X-GMAIL-MSGID: 1780090224025498579
|
| Series |
device_cgroup: guard mknod for non-initial user namespace
|
|
Commit Message
Michael Weiß
Oct. 18, 2023, 10:50 a.m. UTC
With this new flag for bpf cgroup device programs, it should be
possible to guard mknod() access in non-initial user namespaces
later on.
Signed-off-by: Michael Weiß <michael.weiss@aisec.fraunhofer.de>
---
include/uapi/linux/bpf.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index 0448700890f7..0196b9c72d3e 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -6927,6 +6927,7 @@ enum { BPF_DEVCG_ACC_MKNOD = (1ULL << 0), BPF_DEVCG_ACC_READ = (1ULL << 1), BPF_DEVCG_ACC_WRITE = (1ULL << 2), + BPF_DEVCG_ACC_MKNOD_UNS = (1ULL << 3), }; enum {