git.proxmox.com Git - mirror_ubuntu-eoan-kernel.git/commit

author	Chenbo Feng <fengc@google.com>
	Wed, 18 Oct 2017 20:00:24 +0000 (13:00 -0700)
committer	David S. Miller <davem@davemloft.net>
	Fri, 20 Oct 2017 12:32:59 +0000 (13:32 +0100)
commit	afdb09c720b62b8090584c11151d856df330e57d
tree	61e44af438b458ffd16624c5337f65ab76c94912	tree
parent	e043325b308745d6968673e7b53080bd7cc39f08	commit \| diff

security: bpf: Add LSM hooks for bpf object related syscall

Introduce several LSM hooks for the syscalls that will allow the
userspace to access to eBPF object such as eBPF programs and eBPF maps.
The security check is aimed to enforce a per object security protection
for eBPF object so only processes with the right priviliges can
read/write to a specific map or use a specific eBPF program. Besides
that, a general security hook is added before the multiplexer of bpf
syscall to check the cmd and the attribute used for the command. The
actual security module can decide which command need to be checked and
how the cmd should be checked.

Signed-off-by: Chenbo Feng <fengc@google.com>
Acked-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

include/linux/bpf.h		diff \| blob \| blame \| history
include/linux/lsm_hooks.h		diff \| blob \| blame \| history
include/linux/security.h		diff \| blob \| blame \| history
kernel/bpf/syscall.c		diff \| blob \| blame \| history
security/security.c		diff \| blob \| blame \| history