On 11/19/25 3:47 PM, Konstantin Khorenko wrote:
On 11/7/25 16:36, Aleksei Oladko wrote:
This patch adds a mount access type to the eBPF cgroup device type program,
enabling the ability to specify whether a mount operation should be
allowed or denied.

https://virtuozzo.atlassian.net/browse/VSTOR-117297

Signed-off-by: Aleksei Oladko <[email protected]>
---
  include/uapi/linux/bpf.h | 2 ++
  1 file changed, 2 insertions(+)

diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index 4a939c90dc2e..7ea078290688 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -7114,7 +7114,9 @@ enum {
      BPF_DEVCG_ACC_MKNOD    = (1ULL << 0),
      BPF_DEVCG_ACC_READ    = (1ULL << 1),
      BPF_DEVCG_ACC_WRITE    = (1ULL << 2),
+    BPF_DEVCG_ACC_MOUNT    = (1ULL << 6),
  };
+#define BPF_DEVCG_ACC_MOUNT BPF_DEVCG_ACC_MOUNT

Can you please explain why we need the "define" line?

This allows building a BPF program using

#ifndef BPF_DEVCG_ACC_MOUNT

and is used in libvzctl.


    enum {
      BPF_DEVCG_DEV_BLOCK    = (1ULL << 0),
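
Review bot: The new BPF_DEVCG_ACC_MOUNT enumerator sits at (1ULL << 6) while the existing access flags stop at (1ULL << 2), and nothing in the hunk says why bits 3 to 5 are skipped; please add a comment on the enumerator stating the reason (for example, if the gap is reserved to avoid clashing with values added elsewhere), so a later rebase does not reuse or collide with the bit unnoticed. The self-referential "#define BPF_DEVCG_ACC_MOUNT BPF_DEVCG_ACC_MOUNT" after the closing brace also needs a one-line comment saying it exists so that userspace can test for the flag with #ifndef, since that rationale only appears in the thread and not in the header or the commit message. The diffstat lists only include/uapi/linux/bpf.h, so the commit message should also name the patch where the kernel actually checks this bit, because a flag that is accepted by the uapi but not enforced would make a deny rule for mounts look effective when it is not.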
