bpf, cgroup: implement eBPF-based device controller for cgroup v2 - openslx/kernel-qcow2-linux.git

diff options

author	Roman Gushchin	2017-11-05 14:15:32 +0100
committer	David S. Miller	2017-11-05 15:26:51 +0100
commit	ebc614f687369f9df99828572b1d85a7c2de3d92 (patch)
tree	bfcaecb3636c2ef3fd31da33138fe72db50663f2 /tools/testing/selftests/bpf/cgroup_helpers.h
parent	device_cgroup: prepare code for bpf-based device controller (diff)
download	kernel-qcow2-linux-ebc614f687369f9df99828572b1d85a7c2de3d92.tar.gz kernel-qcow2-linux-ebc614f687369f9df99828572b1d85a7c2de3d92.tar.xz kernel-qcow2-linux-ebc614f687369f9df99828572b1d85a7c2de3d92.zip

bpf, cgroup: implement eBPF-based device controller for cgroup v2

Cgroup v2 lacks the device controller, provided by cgroup v1. This patch adds a new eBPF program type, which in combination of previously added ability to attach multiple eBPF programs to a cgroup, will provide a similar functionality, but with some additional flexibility. This patch introduces a BPF_PROG_TYPE_CGROUP_DEVICE program type. A program takes major and minor device numbers, device type (block/character) and access type (mknod/read/write) as parameters and returns an integer which defines if the operation should be allowed or terminated with -EPERM. Signed-off-by: Roman Gushchin <guro@fb.com> Acked-by: Alexei Starovoitov <ast@kernel.org> Acked-by: Tejun Heo <tj@kernel.org> Cc: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: David S. Miller <davem@davemloft.net>

Diffstat (limited to 'tools/testing/selftests/bpf/cgroup_helpers.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: