On Wed, 4 Oct 2017, Chenbo Feng wrote:
> int bpf_map_new_fd(struct bpf_map *map, int flags)
> {
> + if (security_bpf_map(map, OPEN_FMODE(flags)))
> + return -EPERM;
> +Don't hardcode -EPERM here, return the actual error from security_bpf_map(). > + if (security_bpf_prog(prog)) > + return -EPERM; > + Same. > + err = security_bpf(cmd, &attr, size); > + if (err) > + return -EPERM; Same. - James
