On 2/11/22 11:57, Roberto Sassu wrote:
Hi I'm working on an LSM implemented with eBPF. I have a question about persistence. Is it possible to keep the attached LSM running without the user space process that attached it? Thanks Roberto HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063 Managing Director: Li Peng, Zhong Ronghua
Hi Roberto, Yes, it's possible if you pin the program in BPFFS. If you are using libbpf, you can use the bpf_program__pin function: https://github.com/libbpf/libbpf/blob/master/src/libbpf.h#L349-L359 If you are using libbpf-rs: https://docs.rs/libbpf-rs/0.16.0/libbpf_rs/struct.Program.html#method.pin If you are using Aya: https://docs.rs/aya/0.10.6/aya/programs/enum.Program.html#method.pin Cheers, Michal
