Re: [PATCH v2 security-next 1/4] security: Hornet LSM

On Mon, Apr 21, 2025 at 3:04 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
>
> On Mon, Apr 21, 2025 at 4:13 PM Alexei Starovoitov
> <alexei.starovoitov@xxxxxxxxx> wrote:
> > On Wed, Apr 16, 2025 at 10:31 AM Blaise Boscaccy
> > <bboscaccy@xxxxxxxxxxxxxxxxxxx> wrote:
> > >
> > > > Hacking into bpf internal objects like maps is not acceptable.
> > >
> > > We've heard your concerns about kern_sys_bpf and we agree that the LSM
> > > should not be calling it. The proposal in this email should meet both of
> > > our needs
> > > https://lore.kernel.org/bpf/874iypjl8t.fsf@xxxxxxxxxxxxx/
>
> ...
>
> > Calling bpf_map_get() and
> > map->ops->map_lookup_elem() from a module is not ok either.
>
> A quick look uncovers code living under net/ which calls into these APIs.

And your point is?

Again, Nack to hacking into bpf internals from LSM,
module or kernel subsystem.




