diff options
| author | Paul Chaignon <paul.chaignon@gmail.com> | 2024-09-05 00:20:49 +0200 |
|---|---|---|
| committer | Aleksandr Nogikh <nogikh@google.com> | 2024-09-09 11:43:00 +0000 |
| commit | 490591b3427f073e99d02e66d247074895f6a87a (patch) | |
| tree | 6271421fe59d2a7751ecb08843ea1a4296840b3e /sys/linux/bpf_prog.txt.const | |
| parent | c0c363f4114061f288c0d36086b4ed64622d5275 (diff) | |
sys/linux: cover BPF tokens
The new BPF_TOKEN_CREATE bpf(2) command was introduced in commit [1]
upstream. This command takes a BPF filesystem fd and returns a BPF
token [2]. This token can then be passed to commands BPF_PROG_LOAD,
BPF_MAP_CREATE, and BPF_BTF_LOAD and the kernel will use it to check if
the operation is allowed. What operations a token allows is defined by
the mount options of the BPF filesystem.
No flags are currently supported for the BPF_TOKEN_CREATE command.
The fd should point to the BPF filesystem, but we don't have a specific
resource for this yet so just point to a generic fd. This command also
doesn't add support for the new mount options.
1 - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35f96de04127
2 - https://lwn.net/Articles/947173/
Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
Diffstat (limited to 'sys/linux/bpf_prog.txt.const')
| -rw-r--r-- | sys/linux/bpf_prog.txt.const | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sys/linux/bpf_prog.txt.const b/sys/linux/bpf_prog.txt.const index 0fc5fcc37..e9a276f11 100644 --- a/sys/linux/bpf_prog.txt.const +++ b/sys/linux/bpf_prog.txt.const @@ -22,6 +22,7 @@ BPF_FUNC_ringbuf_submit = 132 BPF_FUNC_snprintf = 165 BPF_FUNC_tail_call = 12 BPF_FUNC_trace_printk = 6 +BPF_F_TOKEN_FD = 65536 BPF_H0 = 1 BPF_IMM0 = 0 BPF_IND0 = 2 |