diff options
| author | KP Singh <kpsingh@google.com> | 2020-03-29 03:43:49 +0300 |
|---|---|---|
| committer | Daniel Borkmann <daniel@iogearbox.net> | 2020-03-30 02:34:00 +0300 |
| commit | fc611f47f2188ade2b48ff6902d5cce8baac0c58 (patch) | |
| tree | fa4363e15a618c0f4357d846f9b0b4cd20c6433c /init | |
| parent | e5fb60ee4c958b92686830ecfaf5e60bbd139130 (diff) | |
| download | linux-fc611f47f2188ade2b48ff6902d5cce8baac0c58.tar.xz | |
bpf: Introduce BPF_PROG_TYPE_LSM
Introduce types and configs for bpf programs that can be attached to
LSM hooks. The programs can be enabled by the config option
CONFIG_BPF_LSM.
Signed-off-by: KP Singh <kpsingh@google.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: Brendan Jackman <jackmanb@google.com>
Reviewed-by: Florent Revest <revest@google.com>
Reviewed-by: Thomas Garnier <thgarnie@google.com>
Acked-by: Yonghong Song <yhs@fb.com>
Acked-by: Andrii Nakryiko <andriin@fb.com>
Acked-by: James Morris <jamorris@linux.microsoft.com>
Link: https://lore.kernel.org/bpf/20200329004356.27286-2-kpsingh@chromium.org
Diffstat (limited to 'init')
| -rw-r--r-- | init/Kconfig | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/init/Kconfig b/init/Kconfig index 20a6ac33761c..deae572d1927 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -1616,6 +1616,18 @@ config KALLSYMS_BASE_RELATIVE # end of the "standard kernel features (expert users)" menu # syscall, maps, verifier + +config BPF_LSM + bool "LSM Instrumentation with BPF" + depends on BPF_SYSCALL + depends on SECURITY + depends on BPF_JIT + help + Enables instrumentation of the security hooks with eBPF programs for + implementing dynamic MAC and Audit Policies. + + If you are unsure how to answer this question, answer N. + config BPF_SYSCALL bool "Enable bpf() system call" select BPF |