[PATCH v14 bpf-next 1/6] bpf: Add kfunc bpf_get_file_xattr
KP Singh
kpsingh at kernel.org
Wed Nov 29 16:06:10 UTC 2023
On Wed, Nov 29, 2023 at 1:37 AM Song Liu <song at kernel.org> wrote:
>
> It is common practice for security solutions to store tags/labels in
> xattrs. To implement similar functionalities in BPF LSM, add new kfunc
> bpf_get_file_xattr().
>
> The first use case of bpf_get_file_xattr() is to implement file
> verifications with asymmetric keys. Specificially, security applications
> could use fsverity for file hashes and use xattr to store file signatures.
> (kfunc for fsverity hash will be added in a separate commit.)
>
> Currently, only xattrs with "user." prefix can be read with kfunc
> bpf_get_file_xattr(). As use cases evolve, we may add a dedicated prefix
> for bpf_get_file_xattr().
>
> To avoid recursion, bpf_get_file_xattr can be only called from LSM hooks.
>
> Signed-off-by: Song Liu <song at kernel.org>
> Acked-by: Christian Brauner <brauner at kernel.org>
Acked-by: KP Singh <kpsingh at kernel.org>
More information about the Linux-security-module-archive
mailing list