[PATCH linux-next] security: Fix side effects of default BPF LSM hooks
Casey Schaufler
casey at schaufler-ca.com
Fri Jun 10 19:00:20 UTC 2022
On 6/10/2022 11:50 AM, Casey Schaufler wrote:
> On 6/9/2022 4:46 PM, KP Singh wrote:
>> BPF LSM currently has a default implementation for each LSM hooks which
>> return a default value defined in include/linux/lsm_hook_defs.h. These
>> hooks should have no functional effect when there is no BPF program
>> loaded to implement the hook logic.
What I failed to point out earlier is that you really want general
LSM stacking for BPF to work the way you want it to. Reviewed-bys,
Acked-bys and other participation in that effort would be most
appreciated.
More information about the Linux-security-module-archive
mailing list