Re: [RFC] audit support for BPF notification
[an addition]
I also believe that this log entry should include program source and/or bytecode
checksum so customer/our support can verify that exactly this eBPF program was
loaded/unloaded and not the program that someone states that it was loaded.
Best regards,
Vladis Dronov | Red Hat, Inc. | The Core Kernel | Senior Software Engineer
----- Original Message -----
From: "Jiri Benc" <jbenc(a)redhat.com>
To: "Jiri Olsa" <jolsa(a)redhat.com>
Cc: "Steve Grubb" <sgrubb(a)redhat.com>, linux-audit(a)redhat.com,
"Stanislav Kozina" <skozina(a)redhat.com>, "Yauheni
Kaliuta" <yauheni.kaliuta(a)redhat.com>, "Toke Høiland-Jørgensen"
<toke(a)redhat.com>, "Arnaldo Carvalho de Melo"
<acme(a)redhat.com>, "Jesper Dangaard Brouer" <brouer(a)redhat.com>,
"Vlad Dronov" <vdronov(a)redhat.com>, "Petr Matousek"
<pmatouse(a)redhat.com>, "Rashid Khan" <rkhan(a)redhat.com>
Sent: Monday, November 4, 2019 2:05:18 PM
Subject: Re: [RFC] audit support for BPF notification
Seems there have been no reply to this...
Jiri, what is the current status?
Vlad, what is the Product Security's view on this? Is the audit support
for bpf programs loading/unloading a requirement for full support of
eBPF (as opposed to tech preview)?
Thanks,
Jiri