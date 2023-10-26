Kernel Space: The 2023 Image-Based Linux Summit and Finer-grained BPF Tokens
-
LWN ☛ The 2023 Image-Based Linux Summit
Following up from last year's first Image-Based Linux Summit), a second meeting was held in Berlin on September 12th, 2023, the day before All Systems Go! 2023, at the Microsoft office. The goal of these summits is to find common ground among stakeholders from various engineering groups around the topic of image-based Linux distributions, communicate progress, and attempt to build a strategy to tackle shared problems together. The organizers — Luca Boccassi, Lennart Poettering, and Christian Brauner — welcomed participants from the UAPI Group, which draws developers from a long list of companies with an interest in this area, and spent the full day discussing a variety of topics. Full minutes have been published on the UAPI Group’s web site.
-
LWN ☛ Finer-grained BPF tokens
Programs running in the BPF machine can, depending on how they are attached, perform a number of privileged operations; the ability to load and run those programs, thus, must be a privileged operation in its own right. Almost since the beginning of the extended-BPF era, developers have struggled to find a way to allow users to run the programs they need without giving away more privilege than is necessary. Earlier this year, the idea of a BPF token ran into some opposition from security-oriented developers. Andrii Nakryiko has since returned with an updated patch set that significantly increases the granularity of the privileges that can be conferred with a BPF token.
In the early days, the ability to load most BPF programs was restricted to processes with the CAP_SYS_ADMIN capability. That capability, though, allows a user to do far more than load BPF programs; it is essentially equivalent to full root access. In the 5.8 release, the CAP_BPF capability was added to regulate access to most BPF operations; other capabilities may be required as well for some specific actions. CAP_BPF still allows a process to do a lot of things, though, probably more than an administrator would like.