On Thu, Dec 5, 2019 at 5:26 AM Jiri Olsa wrote:
> From: Daniel Borkmann
>
> Allow for audit messages to be emitted upon BPF program load and
> unload for having a timeline of events. The load itself is in
> syscall context, so additional info about the process initiating
> the BPF prog creation c
On Fri, Dec 06, 2019 at 04:11:13PM -0500, Paul Moore wrote:
SNIP
> >
> > #define IS_FD_ARRAY(map) ((map)->map_type == BPF_MAP_TYPE_PERF_EVENT_ARRAY
> > || \
> > @@ -1306,6 +1307,36 @@ static int find_prog_type(enum bpf_prog_type type,
> > struct bpf_prog *prog)
> > return 0;
> > }
> >
On Fri, Dec 6, 2019 at 4:28 PM Jiri Olsa wrote:
> On Fri, Dec 06, 2019 at 04:11:13PM -0500, Paul Moore wrote:
> > Other than that, this looks good to me, and I see Steve has already
> > given the userspace portion a thumbs-up. Have you started on the
> > audit-testsuite test for this yet?
>
> yep
From: Daniel Borkmann
Allow for audit messages to be emitted upon BPF program load and
unload for having a timeline of events. The load itself is in
syscall context, so additional info about the process initiating
the BPF prog creation can be logged and later directly correlated
to the unload eve
