Unprivileged BPF and authoritative security hooks
Unprivileged BPF and authoritative security hooks
Posted May 4, 2023 10:14 UTC (Thu) by Karellen (subscriber, #67644)In reply to: Unprivileged BPF and authoritative security hooks by ringerc
Parent article: Unprivileged BPF and authoritative security hooks
> I've always found it easier to layer these sorts of models where you default to denying then you layer grants.
I personally think this sounds like a better approach than "default allow with layered rejections", because it sounds like it has a better chance to "fail closed", which seems like a better security paradigm than "fail open".