News: 0000832132


Cook: Security things in Linux v5.7

([Kernel] Sep 22, 2020 13:35 UTC (Tue) (corbet))


Kees Cook [1] catches up with the security-related changes in the 5.7 kernel. "The kernel’s Linux Security Module (LSM) API provides a way to write security modules that have traditionally implemented various Mandatory Access Control (MAC) systems like SELinux, AppArmor, etc. The LSM hooks are numerous and no one LSM uses them all, as some hooks are much more specialized (like those used by IMA, Yama, LoadPin, etc). There was not, however, any way to externally attach to these hooks (not even through a regular loadable kernel module) nor build fully dynamic security policy, until KP Singh landed the API for building LSM policy using BPF. With this, it is possible (for a privileged process) to write kernel LSM hooks in BPF, allowing for totally custom security policy (and reporting)."



[1] https://outflux.net/blog/archives/2020/09/21/security-things-in-linux-v5-7/

Cook: Security things in Linux v5.7

When will Linux be renamed eBPF-OS?
