git.baikalelectronics.ru Git - kernel.git/commit
selinux: bpf: Add selinux check for eBPF syscall operations
author Chenbo Feng <fengc@google.com>
Wed, 18 Oct 2017 20:00:25 +0000 (13:00 -0700)
committer David S. Miller <davem@davemloft.net>
Fri, 20 Oct 2017 12:32:59 +0000 (13:32 +0100)
commit 2ce141207bc961243653bcc906befa3338452600
tree e37f2897f3c6228d26a9a15892e61ae63aa2e4fc
parent f611ee66e7c28e433efe04c0e96db83f3abf7451

Implement the actual checks introduced to eBPF related syscalls. This
implementation uses the security field inside the bpf object to store a sid that
identifies the bpf object. And when processes try to access the object,
selinux will check if the processes have the right privileges. The creation
of eBPF objects is also checked at the general bpf check hook and new
cmd introduced to eBPF domain can also be checked there.

Signed-off-by: Chenbo Feng <fengc@google.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Reviewed-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
security/selinux/hooks.c
security/selinux/include/classmap.h
security/selinux/include/objsec.h