On Wed, 18 Oct 2017, Chenbo Feng wrote: > From: Chenbo Feng <fengc@xxxxxxxxxx> > > Implement the actual checks introduced to eBPF related syscalls. This > implementation use the security field inside bpf object to store a sid that > identify the bpf object. And when processes try to access the object, > selinux will check if processes have the right privileges. The creation > of eBPF object are also checked at the general bpf check hook and new > cmd introduced to eBPF domain can also be checked there. > > Signed-off-by: Chenbo Feng <fengc@xxxxxxxxxx> > Acked-by: Alexei Starovoitov <ast@xxxxxxxxxx> Reviewed-by: James Morris <james.l.morris@xxxxxxxxxx> -- James Morris <james.l.morris@xxxxxxxxxx>
