-
由 Chenbo Feng 提交于
Introduce several LSM hooks for the syscalls that will allow the userspace to access to eBPF object such as eBPF programs and eBPF maps. The security check is aimed to enforce a per object security protection for eBPF object so only processes with the right priviliges can read/write to a specific map or use a specific eBPF program. Besides that, a general security hook is added before the multiplexer of bpf syscall to check the cmd and the attribute used for the command. The actual security module can decide which command need to be checked and how the cmd should be checked. Signed-off-by: NChenbo Feng <fengc@google.com> Acked-by: NJames Morris <james.l.morris@oracle.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
afdb09c7