From: Paul Moore <paul@xxxxxxxxxxxxxx>
Date: Sat, 14 Jun 2025 07:43:46 -0400
> On June 13, 2025 6:24:15 PM Kuniyuki Iwashima <kuni1840@xxxxxxxxx> wrote:
> > From: Kuniyuki Iwashima <kuniyu@xxxxxxxxxx>
> >
> > Since commit 77cbe1a6d873 ("af_unix: Introduce SO_PASSRIGHTS."),
> > we can disable SCM_RIGHTS per socket, but it's not flexible.
> >
> > This series allows us to implement more fine-grained filtering for
> > SCM_RIGHTS with BPF LSM.
>
> My ability to review this over the weekend is limited due to device and
> network access, but I'll take a look next week.
>
> That said, it would be good if you could clarify the "filtering" aspect of
> your comments; it may be obvious when I'm able to look at the full patchset
I meant to mention that just below the quoted part :)
---8<---
Changes:
v2: Remove SCM_RIGHTS fd scrubbing functionality
---8<---
> in context, but the commit descriptions worry me that perhaps you are still
> intending on using the LSM framework to cut SCM_RIGHTS payloads from
> individual messages? Blocking messages at send time if they contain
> SCM_RIGHTS is likely okay (pending proper implementation review), but
> modifying packets in flight in the LSM framework is not.
>
> Also, a quick administrative note, I see you have marked this as
> "bpf-next", however given the diffstat of the proposed changes this
> patchset should go to Linus via the LSM tree and not the BPF tree.
This was to kick the BPF CI for the selftest patch, and the __nullable
arg suffix in patch 3 is BPF specific stuff, but I don't have preference
here and whichever is fine to me.
