[RFC] audit support for BPF notification
Vladis Dronov
vdronov at redhat.com
Mon Nov 4 13:46:06 UTC 2019
[an addition]
I also believe that this log entry should include program source and/or bytecode
checksum so customer/our support can verify that exactly this eBPF program was
loaded/unloaded and not the program that someone states that it was loaded.
Best regards,
Vladis Dronov | Red Hat, Inc. | The Core Kernel | Senior Software Engineer
----- Original Message -----
> From: "Jiri Benc" <jbenc at redhat.com>
> To: "Jiri Olsa" <jolsa at redhat.com>
> Cc: "Steve Grubb" <sgrubb at redhat.com>, linux-audit at redhat.com, "Stanislav Kozina" <skozina at redhat.com>, "Yauheni
> Kaliuta" <yauheni.kaliuta at redhat.com>, "Toke Høiland-Jørgensen" <toke at redhat.com>, "Arnaldo Carvalho de Melo"
> <acme at redhat.com>, "Jesper Dangaard Brouer" <brouer at redhat.com>, "Vlad Dronov" <vdronov at redhat.com>, "Petr Matousek"
> <pmatouse at redhat.com>, "Rashid Khan" <rkhan at redhat.com>
> Sent: Monday, November 4, 2019 2:05:18 PM
> Subject: Re: [RFC] audit support for BPF notification
>
> Seems there have been no reply to this...
>
> Jiri, what is the current status?
>
> Vlad, what is the Product Security's view on this? Is the audit support
> for bpf programs loading/unloading a requirement for full support of
> eBPF (as opposed to tech preview)?
>
> Thanks,
>
> Jiri
More information about the Linux-audit
mailing list