[RFC PATCH bpf-next seccomp 12/12] seccomp-ebpf: support task storage from BPF-LSM, defaulting to group leader
Alexei Starovoitov
alexei.starovoitov at gmail.com
Tue May 11 01:58:14 UTC 2021
On Mon, May 10, 2021 at 12:22:49PM -0500, YiFei Zhu wrote:
> +
> +BPF_CALL_4(bpf_task_storage_get_default_leader, struct bpf_map *, map,
> + struct task_struct *, task, void *, value, u64, flags)
> +{
> + if (!task)
> + task = current->group_leader;
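Review bot: the `if (!task)` fallback at the top of bpf_task_storage_get_default_leader is undocumented, and it turns a NULL `task` into a silent selection of `current->group_leader`. A caller that passes NULL by mistake gets storage keyed on the thread-group leader, which every thread in the group resolves to, instead of an error. Add a comment above the helper stating that NULL is an intended sentinel and that the resulting storage is per thread group rather than per calling thread, so callers do not assume per-thread isolation.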
Did you actually need it to be group_leader or current is enough?
If so loading BTF is not necessary.
You could have exposed it bpf_get_current_task_btf() and passed its
return value into bpf_task_storage_get.
On the other side loading BTF can be relaxed to unpriv,
but doing current->group_leader deref will make it priv only anyway.