On Fri, 20 Dec 2019, KP Singh wrote: > From: KP Singh <kpsingh@xxxxxxxxxx> > > * Load a BPF program that audits mprotect calls > * Attach the program to the "file_mprotect" LSM hook > * Verify if the program is actually loading by reading > securityfs > * Initialize the perf events buffer and poll for audit events > * Do an mprotect on some memory allocated on the heap > * Verify if the audit event was received > > Signed-off-by: KP Singh <kpsingh@xxxxxxxxxx> Good to see! Reviewed-by: James Morris <jamorris@xxxxxxxxxxxxxxxxxxx> -- James Morris <jmorris@xxxxxxxxx>
