[PATCH RFC bpf-next 0/4] audit: Expose audit subsystem to BPF LSM programs via BPF kfuncs
Paul Moore
paul at paul-moore.com
Tue Apr 21 22:10:15 UTC 2026
On Tue, Apr 21, 2026 at 5:12 PM Alexei Starovoitov
<alexei.starovoitov at gmail.com> wrote:
> On Tue, Apr 21, 2026 at 2:07 PM Frederick Lawler <fred at cloudflare.com> wrote:
> >
> > Hi folks,
> >
> > I was accepted to speak a little bit about this patch series at Linux
> > Security Summit this May [1]. I'm going to use this opportunity to
> > re-iterate some of the motivation, what can be done today with BPF,
> > drawbacks, and wrap up with discussion topics. I'd love to hear feedback
> > from audit, BPF, and security folks to work towards a viable solution that
> > addresses shortcomings to allow for better integration with BPF.
>
> I don't think any bpf folks will be there.
> Also giving a talk about it doesn't make it acceptable.

I think it's valid to have a discussion with the LSS folks as they are
the ones who will most likely be interested in using the
functionality. From my perspective there is still value in validating
the basic ideas in Fred's patchset and checking the value amongst the
LSS audience.

> It's still Nack.

Based solely on the diffstat and a quick look, this appears to be an
LSM patchset, not necessarily a BPF patchset; yes, there are kfuncs,
but they are LSM/audit kfuncs and not core BPF functionality.
Regardless, I want to see how the LSS presentation is received before
worrying about this too much, but your NACK has been noted.

--
paul-moore.com