Versions Compared

Old Version 10

changes.mady.by.user VM (Vicky) Brasseur

Saved on

compared with

New Version 11

changes.mady.by.user LJ Illuzzi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • LF Antitrust Policy

  • Meeting note taker

  • Welcome to new attendees

  • LF ONE Summit recording to be added in l3af.io

  • Last week TSC output

    • Standardize Interface for communication between BPF maps from user-space <-> eBPF kernel space
    • Gate keeping and security and concerns around public market place
    • How do we handle other programs that might load eBPF and conflict with l3AF. Do we block them?
    • How are we different from BumbleBee?
    • Boiler plate generator that generates all the bpf_tail call and manage the maps
    • Here's the notes from the BSC minutes, let Dave know if any corrections:
      • Who is authoritative for what programs run on the node? (answer: admin of machine, who does so via a JSON config file)
        Would you really trust a public program repository? (unclear, L3AF TSC is discussing same question, cases today use private ones with paths specified by machine admin)
        Any coordination with Kubernetes or OpenStack? (today is standalone, may integrate with other things in future)
        How do you config/customize ebpf programs? (today Walmart’s programs used with L3AF factor config/customization to be done via maps)
        Any standard way of communicating with userspace, like protobufs etc? (not yet but L3AF would like to go in that direction)
        What about gatekeeping, i.e. reject “bad” tools that were rejected by kernel patch requests? Compare to bcc tool repo. Private program repositories are safer, public repository is dangerous/risky if just accepted (could just be reference implementations, always use private repos from L3AFD?)
        What happens if something other than L3AFD tries to deploy an ebpf program to the kernel? (today, can interfere, L3AF TSC should discuss) can you have SELinux like functionality or just use SELinux to control?
        How can you disincent/prevent admins from pointing to a public repo and being unsafe?
        How does it differ from the bumblebee project?
  • PR to add l3af as one of the projects under ebpf.io
  • Building eBPF programs (suggested by Luka from Sartura; they have a tool they find helpful)
  • Status of PEN
  • LFN Induction
    • Setup separate call. Propose weekly on Tuesday 1009:30 to 1110:30am ET/ 76:30amPT / 9pm 8pm IST
    • First meeting 02/01

  • General Topics (cover as needed)

    • Use Cases

    • Roadmap

    • Project structure

      • Governance

      • Technical Steering Committee

...