selinux: bpf: Add selinux check for eBPF syscall operations - blaster4385/linux-IllusionX - Linux kernel with personal config changes for arch linux

diff options

author	Chenbo Feng <[email protected]>	2017-10-18 13:00:25 -0700
committer	David S. Miller <[email protected]>	2017-10-20 13:32:59 +0100
commit	ec27c3568a34c7fe5fcf4ac0a354eda77687f7eb (patch)
tree	e37f2897f3c6228d26a9a15892e61ae63aa2e4fc /net/unix/af_unix.c
parent	afdb09c720b62b8090584c11151d856df330e57d (diff)

selinux: bpf: Add selinux check for eBPF syscall operations

Implement the actual checks introduced to eBPF related syscalls. This implementation use the security field inside bpf object to store a sid that identify the bpf object. And when processes try to access the object, selinux will check if processes have the right privileges. The creation of eBPF object are also checked at the general bpf check hook and new cmd introduced to eBPF domain can also be checked there. Signed-off-by: Chenbo Feng <[email protected]> Acked-by: Alexei Starovoitov <[email protected]> Reviewed-by: James Morris <[email protected]> Signed-off-by: David S. Miller <[email protected]>

Diffstat (limited to 'net/unix/af_unix.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: