On Wed, 18 Oct 2017, Chenbo Feng wrote: > From: Chenbo Feng <fe...@google.com> > > Introduce a bpf object related check when sending and receiving files > through unix domain socket as well as binder. It checks if the receiving > process have privilege to read/write the bpf map or use the bpf program. > This check is necessary because the bpf maps and programs are using a > anonymous inode as their shared inode so the normal way of checking the > files and sockets when passing between processes cannot work properly on > eBPF object. This check only works when the BPF_SYSCALL is configured. > > Signed-off-by: Chenbo Feng <fe...@google.com> > Acked-by: Stephen Smalley <s...@tycho.nsa.gov>
Reviewed-by: James Morris <james.l.mor...@oracle.com> -- James Morris <james.l.mor...@oracle.com>
