Aug 24 – 28, 2020
US/Pacific timezone

BPF LSM (Updates + Progress)

Aug 25, 2020, 9:45 AM
Networking and BPF Summit/Virtual-Room (LPC Virtual)

Networking and BPF Summit/Virtual-Room

LPC Virtual

Networking & BPF Summit Networking and BPF Summit


KP Singh (Google)


The BPF LSM or Kernel Runtime Security Instrumentation (KRSI) aims to provide an extensible LSM by allowing privileged users to attach eBPF programs to security hooks to dynamically implement MAC and Audit Policies.

KRSI was introduced in LSS-US 2019 and has since then had multiple interesting updates and triggered some meaningful discussions. The talk provides an update on:

  • Progress in the mainline kernel, the ongoing discussions, and a recap of the
    interesting discussions that were resolved.
  • New infrastructure merged into BPF to support the BPF LSM use-case.
  • Some optimisations that can improve the performance characteristics of the
    currently existing LSM framework which would not only benefit KRSI
    but also all other LSMs.

The talk showcases how the design has evolved over time and what trade-offs were considered and what's upcoming after the initial patches are merged.

I agree to abide by the anti-harassment policy I agree

Primary author

KP Singh (Google)

Presentation materials

Diamond Sponsor

Platinum Sponsors

Gold Sponsors

Silver Sponsors

Catchboxes Sponsor

Conference Services Provided By