24-28 August 2020
US/Pacific timezone

BPF LSM (Updates + Progress)

25 Aug 2020, 09:45
45m
Networking and BPF Summit/Virtual-Room (LPC 2020)

Networking and BPF Summit/Virtual-Room

LPC 2020

150
Networking & BPF Summit Networking and BPF Summit

Speaker

Mr KP Singh

Description

The BPF LSM or Kernel Runtime Security Instrumentation (KRSI) aims to provide an extensible LSM by allowing privileged users to attach eBPF programs to security hooks to dynamically implement MAC and Audit Policies.

KRSI was introduced in LSS-US 2019 and has since then had multiple interesting updates and triggered some meaningful discussions. The talk provides an update on:

  • Progress in the mainline kernel, the ongoing discussions, and a recap of the
    interesting discussions that were resolved.
  • New infrastructure merged into BPF to support the BPF LSM use-case.
  • Some optimisations that can improve the performance characteristics of the
    currently existing LSM framework which would not only benefit KRSI
    but also all other LSMs.

The talk showcases how the design has evolved over time and what trade-offs were considered and what's upcoming after the initial patches are merged.

I agree to abide by the anti-harassment policy I agree

Primary author

Presentation Materials