security: bpf: Add LSM hooks for bpf object related syscall
author Chenbo Feng <fengc@google.com>
Wed, 18 Oct 2017 20:00:24 +0000 (13:00 -0700)
committer David S. Miller <davem@davemloft.net>
Fri, 20 Oct 2017 12:32:59 +0000 (13:32 +0100)
commit f611ee66e7c28e433efe04c0e96db83f3abf7451
tree 61e44af438b458ffd16624c5337f65ab76c94912
parent 7ed423f0f5d483030434f26c58fad9682be59b2f

Introduce several LSM hooks for the syscalls that will allow the
userspace to access eBPF objects such as eBPF programs and eBPF maps.
The security check is aimed to enforce a per object security protection
for eBPF objects so only processes with the right privileges can
read/write to a specific map or use a specific eBPF program. Besides
that, a general security hook is added before the multiplexer of bpf
syscall to check the cmd and the attribute used for the command. The
actual security module can decide which commands need to be checked and
how the cmd should be checked.

Signed-off-by: Chenbo Feng <fengc@google.com>
Acked-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/linux/bpf.h
include/linux/lsm_hooks.h
include/linux/security.h
kernel/bpf/syscall.c
security/security.c
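
The layering the commit message describes (a general check before the bpf command multiplexer, then a per-object check when a specific map is used) can be modelled in userspace C. This is an added illustration, not code from the commit or the kernel; every identifier and the label-matching policy are hypothetical.

```c
/* Userspace model only: all names are hypothetical, none is a kernel symbol. */
#include <errno.h>
#include <stdio.h>

enum cmd { CMD_MAP_LOOKUP, CMD_MAP_UPDATE, CMD_PROG_LOAD };
enum { MODE_READ = 1, MODE_WRITE = 2 };
struct map  { int label; int value; };        /* label models per-object security state */
struct task { int label; int may_load_prog; };

/* General hook: consulted once, before the command multiplexer. */
static int hook_cmd(const struct task *t, enum cmd c)
{
    return (c == CMD_PROG_LOAD && !t->may_load_prog) ? -EPERM : 0;
}

/* Per-object hook: consulted when one specific map is about to be used. */
static int hook_map(const struct task *t, const struct map *m, int mode)
{
    if (t->label == m->label)
        return 0;                              /* same label: read and write */
    return (mode & MODE_WRITE) ? -EACCES : 0;  /* constructed policy: others read-only */
}

static int model_syscall(const struct task *t, enum cmd c, struct map *m, int *val)
{
    int err = hook_cmd(t, c);
    if (err || c == CMD_PROG_LOAD)
        return err;                            /* denied, or a command with no map */
    err = hook_map(t, m, c == CMD_MAP_UPDATE ? MODE_WRITE : MODE_READ);
    if (err)
        return err;
    if (c == CMD_MAP_UPDATE)
        m->value = *val;
    else
        *val = m->value;
    return 0;
}

/* Builds a constructed task and map, runs one command, returns the result. */
int run_case(int task_label, int may_load, enum cmd c, int map_label)
{
    struct task t = { task_label, may_load };
    struct map m = { map_label, 7 };
    int val = 42;
    return model_syscall(&t, c, &m, &val);
}

int main(void)
{
    printf("%d %d\n", run_case(1, 0, CMD_MAP_UPDATE, 2), run_case(1, 0, CMD_PROG_LOAD, 2));
    return 0;
}
```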