[PATCH v2 bpf-next 00/18] BPF token

Toke Høiland-Jørgensen toke at redhat.com
Fri Jun 23 23:07:15 UTC 2023


Andrii Nakryiko <andrii.nakryiko at gmail.com> writes:

>> applications meets the needs of these PODs that need to do
>> privileged/bpf things without any tokens. Ultimately you are trusting
>> these apps in the same way as if you were granting a token.
>
> Yes, absolutely. As I mentioned very explicitly, it's the question of
> trusting application. Service vs token is implementation details, but
> the one that has huge implications in how applications are built,
> tested, versioned, deployed, etc.

So one thing that I don't really get is why such a "trusted application"
needs to be run in a user namespace in the first place? If it's trusted,
why not simply run it as a privileged container (without the user
namespace) and grant it the right system-level capabilities, instead of
going to all this trouble just to punch a hole in the user namespace
isolation?

-Toke


