On Sun, Apr 3, 2022 at 5:42 PM KP Singh kpsingh@kernel.org wrote:
On Sat, Apr 2, 2022 at 1:55 AM Alexei Starovoitov alexei.starovoitov@gmail.com wrote:
...
Pinning them to unreachable inodes intuitively looked the way to go for achieving the stated goal.
We can consider inodes in bpffs that are not unlinkable by root in the future, but certainly not for this use case.
Can this not be already done by adding a BPF_LSM program to the inode_unlink LSM hook?
Also, beside of the inode_unlink... and out of curiosity: making sysfs/bpffs/ readonly after pinning, then using bpf LSM hooks sb_mount|remount|unmount... family combining bpf() LSM hook... isn't this enough to: 1. Restrict who can pin to bpffs without using a full MAC 2. Restrict who can delete or unmount bpf filesystem
?