On Mon, Apr 21, 2025 at 3:04 PM Paul Moore paul@paul-moore.com wrote:
On Mon, Apr 21, 2025 at 4:13 PM Alexei Starovoitov alexei.starovoitov@gmail.com wrote:
On Wed, Apr 16, 2025 at 10:31 AM Blaise Boscaccy bboscaccy@linux.microsoft.com wrote:
Hacking into bpf internal objects like maps is not acceptable.
We've heard your concerns about kern_sys_bpf and we agree that the LSM should not be calling it. The proposal in this email should meet both of our needs https://lore.kernel.org/bpf/874iypjl8t.fsf@microsoft.com/
...
Calling bpf_map_get() and map->ops->map_lookup_elem() from a module is not ok either.
A quick look uncovers code living under net/ which calls into these APIs.
and your point is ?
Again, Nack to hacking into bpf internals from LSM, module or kernel subsystem.