Hmmm, this doesn't build for me:
security/selinux/hooks.c: In function ‘bpf_fd_pass’:
security/selinux/hooks.c:6325:40: error: ‘SECCLASS_BPF_MAP’ undeclared (first
use in this function); did you mean ‘SECCLASS_BPF’?
ret = avc_has_perm(sid, bpfsec->sid, SECCLASS_BPF_MAP,
From: Chenbo Feng
Much like files and sockets, eBPF objects are accessed, controlled, and
shared via a file descriptor (FD). Unlike files and sockets, the
existing mechanism for eBPF object access control is very limited.
Currently there are two options for granting accessing to eBPF
operations: