    security: bpf: Add LSM hooks for bpf object related syscall · afdb09c7
    Committed by Chenbo Feng
    Introduce several LSM hooks for the syscalls that will allow
    userspace to access eBPF objects such as eBPF programs and eBPF maps.
    The security check is aimed to enforce a per-object security protection
    for eBPF objects so only processes with the right privileges can
    read/write to a specific map or use a specific eBPF program. Besides
    that, a general security hook is added before the multiplexer of bpf
    syscall to check the cmd and the attribute used for the command. The
    actual security module can decide which commands need to be checked and
    how the cmd should be checked.
    Signed-off-by: Chenbo Feng <fengc@google.com>
    Acked-by: James Morris <james.l.morris@oracle.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
security.c 43.5 KB
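
The two-level check the commit message describes (a general hook ahead of the command multiplexer, then a per-object read/write check) can be modelled in user space as below. This is an added example, not code from the commit or from security.c: every type, function and constant name is hypothetical, the label-based policy is constructed, and the per-object check is simplified to run at the point of access.

```c
/* User-space model of the hook layout; every name here is hypothetical. */
#include <errno.h>
#include <stddef.h>

enum model_cmd { CMD_MAP_LOOKUP, CMD_MAP_UPDATE, CMD_PROG_LOAD };
enum { MODE_READ = 1, MODE_WRITE = 2 };
struct model_task { unsigned label; int may_load_prog; };
struct model_map  { unsigned label; int value; };   /* label = per-object security data */

/* Hooks a security module may fill in; a NULL hook means "not checked". */
struct model_hooks {
    int (*bpf)(const struct model_task *, enum model_cmd);
    int (*bpf_map)(const struct model_task *, const struct model_map *, int mode);
};
static struct model_hooks hooks;

/* Constructed policy: gate program loading by command, maps by label. */
static int policy_bpf(const struct model_task *t, enum model_cmd cmd)
{
    return (cmd == CMD_PROG_LOAD && !t->may_load_prog) ? -EPERM : 0;
}
static int policy_bpf_map(const struct model_task *t, const struct model_map *m, int mode)
{
    if (t->label == m->label)
        return 0;                                /* same label: read and write */
    return (mode & MODE_WRITE) ? -EACCES : 0;    /* other labels: read only */
}
void model_set_policy(int on)
{
    hooks.bpf = on ? policy_bpf : NULL;
    hooks.bpf_map = on ? policy_bpf_map : NULL;
}

/* Model syscall entry: general hook first, then the per-object hook. */
int model_sys_bpf(const struct model_task *t, enum model_cmd cmd,
                  struct model_map *m, int *val)
{
    int mode = (cmd == CMD_MAP_UPDATE) ? MODE_WRITE : MODE_READ;
    int err = hooks.bpf ? hooks.bpf(t, cmd) : 0;   /* before the multiplexer */
    if (err || cmd == CMD_PROG_LOAD)
        return err;
    err = hooks.bpf_map ? hooks.bpf_map(t, m, mode) : 0;
    if (err)
        return err;
    if (cmd == CMD_MAP_UPDATE)
        m->value = *val;
    else
        *val = m->value;
    return 0;
}
```

With no policy registered every call is allowed, which mirrors the statement that the security module decides which commands are checked and how.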