We need this for Docker, as after the switch of containers to cgroup-v2, Docker started to use bpf device cgroup programs to control access to devices for nested containers.
The first patch adds the feature and the second patch adds selftests.

Signed-off-by: Pavel Tikhomirov <[email protected]>

https://virtuozzo.atlassian.net/browse/VSTOR-126504

--
v2: Add selftests and avoid exposing host bpf programs via bpf_prog_query().

Pavel Tikhomirov (2):
  ve/bpf: Add VE_FEATURE_BPF to allow bpf device cgroup programs per VE
  selftests/ve_devcg_bpf: add tests for VE_FEATURE_BPF

 include/uapi/linux/vzcalluser.h               |   1 +
 kernel/bpf/syscall.c                          |  77 ++-
 .../testing/selftests/ve_devcg_bpf/.gitignore |   1 +
 tools/testing/selftests/ve_devcg_bpf/Makefile |   7 +
 .../ve_devcg_bpf/ve_devcg_bpf_test.c          | 610 ++++++++++++++++++
 5 files changed, 688 insertions(+), 8 deletions(-)
 create mode 100644 tools/testing/selftests/ve_devcg_bpf/.gitignore
 create mode 100644 tools/testing/selftests/ve_devcg_bpf/Makefile
 create mode 100644 tools/testing/selftests/ve_devcg_bpf/ve_devcg_bpf_test.c

--
2.53.0

_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel
