On Wed, 18 Oct 2017, Chenbo Feng wrote: > From: Chenbo Feng <fe...@google.com> > > Introduce several LSM hooks for the syscalls that will allow the > userspace to access to eBPF object such as eBPF programs and eBPF maps. > The security check is aimed to enforce a per object security protection > for eBPF object so only processes with the right priviliges can > read/write to a specific map or use a specific eBPF program. Besides > that, a general security hook is added before the multiplexer of bpf > syscall to check the cmd and the attribute used for the command. The > actual security module can decide which command need to be checked and > how the cmd should be checked. > > Signed-off-by: Chenbo Feng <fe...@google.com>
Acked-by: James Morris <james.l.mor...@oracle.com> -- James Morris <james.l.mor...@oracle.com>
