[Devel] [PATCH RHEL10 COMMIT] bpf: add mount access type to eBPF cgroup program

Konstantin Khorenko Wed, 19 Nov 2025 09:57:45 -0800

The commit is pushed to "branch-rh10-6.12.0-55.13.1.2.x.vz10-ovz" and will 
appear at [email protected]:openvz/vzkernel.git
after rh10-6.12.0-55.13.1.2.19.vz10
------>
commit d77eb3e2530c6baa70fb347ecc9dd64901ba9a8f
Author: Aleksei Oladko <[email protected]>
Date:   Fri Nov 7 15:36:27 2025 +0000


    bpf: add mount access type to eBPF cgroup program
    
    This patch adds a mount access type to eBPF cgroup device type program
    enabling the ability to specify whether a mount operation should be
    allowed or denied.
    
    https://virtuozzo.atlassian.net/browse/VSTOR-117297
    
    Signed-off-by: Aleksei Oladko <[email protected]>
    Reviewed-by: Pavel Tikhomirov <[email protected]>
    
    Feature: device_cgroup: virtualize devices visibility in CT
---
 include/uapi/linux/bpf.h | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index 4a939c90dc2e4..4a79bfa87bc4f 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -7114,7 +7114,14 @@ enum {
        BPF_DEVCG_ACC_MKNOD     = (1ULL << 0),
        BPF_DEVCG_ACC_READ      = (1ULL << 1),
        BPF_DEVCG_ACC_WRITE     = (1ULL << 2),
+       BPF_DEVCG_ACC_MOUNT     = (1ULL << 6),
 };
+/*
+ * This allows building a BPF program using
+ *   #ifndef BPF_DEVCG_ACC_MOUNT
+ * and is used in libvzctl.
+ */
+#define BPF_DEVCG_ACC_MOUNT BPF_DEVCG_ACC_MOUNT
 
 enum {
        BPF_DEVCG_DEV_BLOCK     = (1ULL << 0),
_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel

[Devel] [PATCH RHEL10 COMMIT] bpf: add mount access type to eBPF cgroup program

Reply via email to