Centos-kernel-stream-9/kernel
Jerome Marchand 8b61bf74b0 bpf,lsm: Add BPF token LSM hooks
JIRA: https://issues.redhat.com/browse/RHEL-23649

Conflicts: Context change due to missing commits e261301c851a ("lsm:
move the remaining LSM hook comments to security/security.c") and
e1ca7129db2c ("LSM: Helpers for attribute names and filling lsm_ctx")

commit f568a3d49af9aed813a184353592efe29b0e3d16
Author: Andrii Nakryiko <andrii@kernel.org>
Date:   Tue Jan 23 18:21:08 2024 -0800

    bpf,lsm: Add BPF token LSM hooks

    Wire up bpf_token_create and bpf_token_free LSM hooks, which allow to
    allocate LSM security blob (we add `void *security` field to struct
    bpf_token for that), but also control who can instantiate BPF token.
    This follows existing pattern for BPF map and BPF prog.

    Also add security_bpf_token_allow_cmd() and security_bpf_token_capable()
    LSM hooks that allow LSM implementation to control and negate (if
    necessary) BPF token's delegation of a specific bpf_cmd and capability,
    respectively.

    Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
    Signed-off-by: Alexei Starovoitov <ast@kernel.org>
    Acked-by: Paul Moore <paul@paul-moore.com>
    Link: https://lore.kernel.org/bpf/20240124022127.2379740-12-andrii@kernel.org

Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
2024-10-15 10:49:03 +02:00
bpf bpf,lsm: Add BPF token LSM hooks 2024-10-15 10:49:03 +02:00
cgroup Merge: mm: update core code to v6.5 upstream 2024-09-26 17:54:14 +00:00
configs
debug
dma dma: fix call order in dmam_free_coherent 2024-09-26 12:37:18 +02:00
entry
events Merge: mm: update core code to v6.5 upstream 2024-09-26 17:54:14 +00:00
futex
gcov
irq
kcsan
livepatch
locking
module
power
printk
rcu
sched
time
trace bpf: Take into account BPF token when fetching helper protos 2024-10-15 10:49:03 +02:00
.gitignore
Kconfig.freezer
Kconfig.hz
Kconfig.locks
Kconfig.preempt
Makefile
acct.c
async.c
audit.c
audit.h
audit_fsnotify.c
audit_tree.c
audit_watch.c
auditfilter.c
auditsc.c
backtracetest.c
bounds.c
capability.c
cfi.c
compat.c
configs.c
context_tracking.c
cpu.c
cpu_pm.c
crash_core.c
crash_dump.c
cred.c
delayacct.c
dma.c
exec_domain.c
exit.c
exit.h
extable.c
fail_function.c
fork.c
freezer.c
gen_kheaders.sh
groups.c
hung_task.c
iomem.c
irq_work.c
jump_label.c
kallsyms.c
kallsyms_internal.h
kallsyms_selftest.c
kallsyms_selftest.h
kcmp.c
kcov.c
kexec.c
kexec_core.c
kexec_elf.c
kexec_file.c
kexec_internal.h
kheaders.c
kprobes.c
ksyms_common.c
ksysfs.c
kthread.c
latencytop.c
module_signature.c
notifier.c
nsproxy.c
padata.c
panic.c
params.c
pid.c
pid_namespace.c
pid_sysctl.h
platform-feature.c
profile.c
ptrace.c
range.c
reboot.c
regset.c
relay.c
resource.c
resource_kunit.c
rh_messages.c
rh_messages.h
rh_shadowman.c
rseq.c
scftorture.c
scs.c
seccomp.c
signal.c
smp.c
smpboot.c
smpboot.h
softirq.c
stackleak.c
stacktrace.c
static_call.c
static_call_inline.c
stop_machine.c
sys.c powerpc/dexcr: Add DEXCR prctl interface 2024-10-04 01:55:31 -04:00
sys_ni.c
sysctl-test.c
sysctl.c
task_work.c
taskstats.c
test_kprobes.c
torture.c
tracepoint.c
tsacct.c
ucount.c
uid16.c
uid16.h
umh.c
up.c
user-return-notifier.c
user.c
user_namespace.c
usermode_driver.c
utsname.c
utsname_sysctl.c
watch_queue.c
watchdog.c
watchdog_hld.c
workqueue.c
workqueue_internal.h