git.baikalelectronics.ru Git - kernel.git/commit

author	Chenbo Feng <fengc@google.com>
	Wed, 18 Oct 2017 20:00:24 +0000 (13:00 -0700)
committer	David S. Miller <davem@davemloft.net>
	Fri, 20 Oct 2017 12:32:59 +0000 (13:32 +0100)
commit	4ce59f1ff65f4f498fa6060f8a73112dffc8b002
tree	61e44af438b458ffd16624c5337f65ab76c94912	tree \| snapshot
parent	412f96e833883438d0868c5e13ea4649f4a35c01	commit \| diff

security: bpf: Add LSM hooks for bpf object related syscall

Introduce several LSM hooks for the syscalls that will allow the
userspace to access to eBPF object such as eBPF programs and eBPF maps.
The security check is aimed to enforce a per object security protection
for eBPF object so only processes with the right priviliges can
read/write to a specific map or use a specific eBPF program. Besides
that, a general security hook is added before the multiplexer of bpf
syscall to check the cmd and the attribute used for the command. The
actual security module can decide which command need to be checked and
how the cmd should be checked.

Signed-off-by: Chenbo Feng <fengc@google.com>
Acked-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

include/linux/bpf.h		diff \| blob \| history
include/linux/lsm_hooks.h		diff \| blob \| history
include/linux/security.h		diff \| blob \| history
kernel/bpf/syscall.c		diff \| blob \| history
security/security.c		diff \| blob \| history