author | Andrii Nakryiko <[email protected]> | 2023-11-30 10:52:23 -0800 |
---|---|---|
committer | Alexei Starovoitov <[email protected]> | 2023-12-06 10:03:00 -0800 |
commit | d734ca7b33dbf60eb15dcf7c44f3da7073356777 (patch) | |
tree | 094194f17a60f5e22567a26ba3ae537556a54456 /tools/testing/selftests/bpf/progs/test_autoload.c | |
parent | 66d636d70a79c1d37e3eea67ab50969e6aaef983 (diff) |
bpf,lsm: add BPF token LSM hooks

Wire up bpf_token_create and bpf_token_free LSM hooks, which allow to
allocate LSM security blob (we add `void *security` field to struct
bpf_token for that), but also control who can instantiate BPF token.
This follows existing pattern for BPF map and BPF prog.

Also add security_bpf_token_allow_cmd() and security_bpf_token_capable()
LSM hooks that allow LSM implementation to control and negate (if
necessary) BPF token's delegation of a specific bpf_cmd and capability,
respectively.

Acked-by: Paul Moore <[email protected]>
Signed-off-by: Andrii Nakryiko <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Alexei Starovoitov <[email protected]>

Diffstat (limited to 'tools/testing/selftests/bpf/progs/test_autoload.c')
0 files changed, 0 insertions, 0 deletions