This patch adds a mount access type to the eBPF cgroup device program type, so that a program can specify whether a mount operation should be allowed or denied.
https://virtuozzo.atlassian.net/browse/VSTOR-117297
Signed-off-by: Aleksei Oladko <[email protected]>
---
 include/uapi/linux/bpf.h | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index 4a939c90dc2e..7ea078290688 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -7114,7 +7114,9 @@ enum {
 BPF_DEVCG_ACC_MKNOD = (1ULL << 0),
 BPF_DEVCG_ACC_READ = (1ULL << 1),
 BPF_DEVCG_ACC_WRITE = (1ULL << 2),
+ BPF_DEVCG_ACC_MOUNT = (1ULL << 6),
 };
+#define BPF_DEVCG_ACC_MOUNT BPF_DEVCG_ACC_MOUNT
 enum {
 BPF_DEVCG_DEV_BLOCK = (1ULL << 0),
-- 2.43.0
_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel
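Review bot: `BPF_DEVCG_ACC_MOUNT = (1ULL << 6)` lands in a UAPI enum with no comment, and it skips bits 3-5 without saying why, so a later reader cannot tell whether the gap is reserved or accidental. Device-cgroup programs are the allow/deny policy for device access, so the header should also say what a program written before this bit existed will be asked to decide. The enforcement code is not in this hunk, and whether such a program ends up allowing or denying a mount depends on how it tests `access_type`, which is worth spelling out for policy authors. I would add above the new enumerator something like `/* device is being mounted; bits 3-5 intentionally left unused */`, adjusted to the real intent. The first enum opens above the hunk and the second one continues below it.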
