git.baikalelectronics.ru Git - kernel.git/commit

author	Daniel Borkmann <daniel@iogearbox.net>
	Fri, 27 Mar 2020 15:58:54 +0000 (16:58 +0100)
committer	Alexei Starovoitov <ast@kernel.org>
	Sat, 28 Mar 2020 02:40:39 +0000 (19:40 -0700)
commit	e4309af8b445d5b50485a44cad797b4ee206ecba
tree	53099c731ea40e72c37abb521564cd08fc6c68e6	tree \| snapshot
parent	3b0669385d37bab83cdfa2d0ddfa4019d78b97f1	commit \| diff

bpf: Enable bpf cgroup hooks to retrieve cgroup v2 and ancestor id

Enable the bpf_get_current_cgroup_id() helper for connect(), sendmsg(),
recvmsg() and bind-related hooks in order to retrieve the cgroup v2
context which can then be used as part of the key for BPF map lookups,
for example. Given these hooks operate in process context 'current' is
always valid and pointing to the app that is performing mentioned
syscalls if it's subject to a v2 cgroup. Also with same motivation of
commit d068e8441c2a ("bpf: Introduce bpf_skb_ancestor_cgroup_id helper")
enable retrieval of ancestor from current so the cgroup id can be used
for policy lookups which can then forbid connect() / bind(), for example.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/d2a7ef42530ad299e3cbb245e6c12374b72145ef.1585323121.git.daniel@iogearbox.net

include/linux/bpf.h		diff \| blob \| history
include/uapi/linux/bpf.h		diff \| blob \| history
kernel/bpf/core.c		diff \| blob \| history
kernel/bpf/helpers.c		diff \| blob \| history
net/core/filter.c		diff \| blob \| history
tools/include/uapi/linux/bpf.h		diff \| blob \| history