bpf: Add kfunc bpf_get_file_xattr - blaster4385/linux-IllusionX - Linux kernel with personal config changes for arch linux

diff options

author	Song Liu <song@kernel.org>	2023-11-29 15:44:12 -0800
committer	Alexei Starovoitov <ast@kernel.org>	2023-12-01 16:21:03 -0800
commit	ac9c05e0e453cfcab2866f6d28f257590e4f66e5 (patch)
tree	aebe277c80b949f0a40681bdb8244ae7ba2b0a8f /tools/testing/selftests/bpf/prog_tests/tcp_hdr_options.c
parent	b6a3451e0847d5d70fb5fa2b2a80ab9f80bf2c7b (diff)

bpf: Add kfunc bpf_get_file_xattr

It is common practice for security solutions to store tags/labels in xattrs. To implement similar functionalities in BPF LSM, add new kfunc bpf_get_file_xattr(). The first use case of bpf_get_file_xattr() is to implement file verifications with asymmetric keys. Specificially, security applications could use fsverity for file hashes and use xattr to store file signatures. (kfunc for fsverity hash will be added in a separate commit.) Currently, only xattrs with "user." prefix can be read with kfunc bpf_get_file_xattr(). As use cases evolve, we may add a dedicated prefix for bpf_get_file_xattr(). To avoid recursion, bpf_get_file_xattr can be only called from LSM hooks. Signed-off-by: Song Liu <song@kernel.org> Acked-by: Christian Brauner <brauner@kernel.org> Acked-by: KP Singh <kpsingh@kernel.org> Link: https://lore.kernel.org/r/20231129234417.856536-2-song@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org>

Diffstat (limited to 'tools/testing/selftests/bpf/prog_tests/tcp_hdr_options.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: