Re: [RFC v2 08/10] landlock: Handle file system comparisons

[Andy Lutomirski]

On Thu, Aug 25, 2016 at 3:32 AM, MickaÃl SalaÃn <mic@xxxxxxxxxxx> wrote:
> Add eBPF functions to compare file system access with a Landlock file
> system handle:
> * bpf_landlock_cmp_fs_prop_with_struct_file(prop, map, map_op, file)
>   This function allows to compare the dentry, inode, device or mount
>   point of the currently accessed file, with a reference handle.
> * bpf_landlock_cmp_fs_beneath_with_struct_file(opt, map, map_op, file)
>   This function allows an eBPF program to check if the current accessed
>   file is the same or in the hierarchy of a reference handle.
>
> The goal of file system handle is to abstract kernel objects such as a
> struct file or a struct inode. Userland can create this kind of handle
> thanks to the BPF_MAP_UPDATE_ELEM command. The element is a struct
> landlock_handle containing the handle type (e.g.
> BPF_MAP_HANDLE_TYPE_LANDLOCK_FS_FD) and a file descriptor. This could
> also be any descriptions able to match a struct file or a struct inode
> (e.g. path or glob string).

This needs Eric's opinion.

Also, where do all the struct file *'s get stashed?  Are they
preserved in the arraymap?  What prevents reference cycles or absurdly
large numbers of struct files getting pinned?

--Andy