On Wed, 18 Oct 2017, Chenbo Feng wrote: > From: Chenbo Feng <[email protected]> > > Implement the actual checks introduced to eBPF related syscalls. This > implementation use the security field inside bpf object to store a sid that > identify the bpf object. And when processes try to access the object, > selinux will check if processes have the right privileges. The creation > of eBPF object are also checked at the general bpf check hook and new > cmd introduced to eBPF domain can also be checked there. > > Signed-off-by: Chenbo Feng <[email protected]> > Acked-by: Alexei Starovoitov <[email protected]>
Reviewed-by: James Morris <[email protected]> -- James Morris <[email protected]>
