korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-12-03 09:04:21 +08:00
Code Issues Packages Projects Releases Wiki Activity
826,552 Commits 113 Branches 5,293 Tags 3.6 GiB
C 97.5%
Assembly 1%
Shell 0.6%
Python 0.3%
Makefile 0.3%
7b146cebe3
Go to file
Andrey Ignatov 7b146cebe3 bpf: Sysctl hook 
Containerized applications may run as root and it may create problems
for whole host. Specifically such applications may change a sysctl and
affect applications in other containers.

Furthermore in existing infrastructure it may not be possible to just
completely disable writing to sysctl, instead such a process should be
gradual with ability to log what sysctl are being changed by a
container, investigate, limit the set of writable sysctl to currently
used ones (so that new ones can not be changed) and eventually reduce
this set to zero.

The patch introduces new program type BPF_PROG_TYPE_CGROUP_SYSCTL and
attach type BPF_CGROUP_SYSCTL to solve these problems on cgroup basis.

New program type has access to following minimal context:
	struct bpf_sysctl {
		__u32	write;
	};

Where @write indicates whether sysctl is being read (= 0) or written (=
1).

Helpers to access sysctl name and value will be introduced separately.

BPF_CGROUP_SYSCTL attach point is added to sysctl code right before
passing control to ctl_table->proc_handler so that BPF program can
either allow or deny access to sysctl.

Suggested-by: Roman Gushchin <guro@fb.com>
Signed-off-by: Andrey Ignatov <rdna@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2019-04-12 13:54:58 -07:00
arch xtensa fixes for v5.1-rc5 2019-04-08 17:04:42 -10:00
block block: Revert v5.0 blk_mq_request_issue_directly() changes 2019-04-05 09:40:46 -06:00
certs kexec, KEYS: Make use of platform keyring for signature verify 2019-02-04 17:34:07 -05:00
crypto lib/lzo: separate lzo-rle from lzo 2019-03-07 18:32:03 -08:00
Documentation Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2019-04-11 17:00:05 -07:00
drivers xen-netback: add reference from xenvif to backend_info to facilitate coredump analysis 2019-04-12 10:10:28 -07:00
fs bpf: Sysctl hook 2019-04-12 13:54:58 -07:00
include bpf: Sysctl hook 2019-04-12 13:54:58 -07:00
init init/main: add checks for the return value of memblock_alloc*() 2019-03-12 10:04:02 -07:00
ipc rhashtable: use bit_spin_locks to protect hash bucket. 2019-04-07 19:12:12 -07:00
kernel bpf: Sysctl hook 2019-04-12 13:54:58 -07:00
lib Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2019-04-11 17:00:05 -07:00
LICENSES LICENSES: Add GCC runtime library exception text 2019-01-16 14:54:15 -07:00
mm slab: fix a crash by reading /proc/slab_allocators 2019-04-07 19:23:12 -10:00
net net/smc: improve smc_conn_create reason codes 2019-04-12 10:50:56 -07:00
samples samples/bpf: fix build with new clang 2019-04-05 16:28:36 +02:00
scripts Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2019-04-11 17:00:05 -07:00
security KEYS: trusted: fix -Wvarags warning 2019-04-08 15:58:54 -07:00
sound sound fixes for 5.1-rc3 2019-03-29 14:53:33 -07:00
tools selftests: Add debugging options to pmtu.sh 2019-04-11 21:32:00 -07:00
usr user/Makefile: Fix typo and capitalization in comment section 2018-12-11 00:18:03 +09:00
virt KVM/ARM fixes for 5.1 2019-03-28 19:07:30 +01:00
.clang-format rhashtable: rename rht_for_each*continue as *from. 2019-03-21 14:01:10 -07:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.get_maintainer.ignore
.gitattributes .gitattributes: set git diff driver for C source code files 2016-10-07 18:46:30 -07:00
.gitignore kbuild: Add support for DT binding schema checks 2018-12-13 09:41:32 -06:00
.mailmap Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2019-04-11 17:00:05 -07:00
COPYING COPYING: use the new text with points to the license files 2018-03-23 12:41:45 -06:00
CREDITS Char/Misc driver patches for 5.1-rc1 2019-03-06 14:18:59 -08:00
Kbuild Kbuild updates for v5.1 2019-03-10 17:48:21 -07:00
Kconfig kconfig: move the "Executable file formats" menu to fs/Kconfig.binfmt 2018-08-02 08:06:55 +09:00
MAINTAINERS Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-04-08 23:39:36 -07:00
Makefile Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2019-04-11 17:00:05 -07:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.