bpf: add BPF token support to BPF_MAP_CREATE command - blaster4385/linux-IllusionX - Linux kernel with personal config changes for arch linux

diff options

author	Andrii Nakryiko <[email protected]>	2023-11-30 10:52:16 -0800
committer	Alexei Starovoitov <[email protected]>	2023-12-06 10:02:59 -0800
commit	688b7270b3cb75e8ac78123d719967db40336e5b (patch)
tree	7b15d6aa33bc38a102899cc813bf825cbfe73f6e /tools/testing/selftests/bpf/progs/test_autoload.c
parent	4527358b76861dfd64ee34aba45d81648fbc8a61 (diff)

bpf: add BPF token support to BPF_MAP_CREATE command

Allow providing token_fd for BPF_MAP_CREATE command to allow controlled BPF map creation from unprivileged process through delegated BPF token. Wire through a set of allowed BPF map types to BPF token, derived from BPF FS at BPF token creation time. This, in combination with allowed_cmds allows to create a narrowly-focused BPF token (controlled by privileged agent) with a restrictive set of BPF maps that application can attempt to create. Signed-off-by: Andrii Nakryiko <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Alexei Starovoitov <[email protected]>

Diffstat (limited to 'tools/testing/selftests/bpf/progs/test_autoload.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: