Commit graph

5 commits

Author SHA1 Message Date
Lennart Poettering e583759bd1 bpf-firewall: actually invoke BPF_PROG_ATTACH to check whether cgroup/bpf is available
Apparently that's the only way to really know whether the kernel has
CONFIG_CGROUP_BPF turned on.

Fixes: #7054
2017-11-29 20:15:23 +01:00
Zbigniew Jędrzejewski-Szmek 53e1b68390 Add SPDX license identifiers to source files under the LGPL
This follows what the kernel is doing, cf.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5fd54ace4721fc5ce2bb5aef6318fcf17f421460.
2017-11-19 19:08:15 +01:00
Lennart Poettering 93e93da5cc bpf-firewall: properly handle kernels where BPF cgroup is disabled but TRIE maps are enabled (#7298)
So far, we assumed that kernels where TRIE was on also supported
BPF/cgroup stuff. That's not a correct assumption to make, hence check
for both features separately.

Fixes: #7054
2017-11-13 10:56:43 +01:00
Lennart Poettering 9f2e6892a2 bpf: set BPF_F_ALLOW_OVERRIDE when attaching a cgroup program if Delegate=yes is set
Let's permit installing BPF programs in cgroup subtrees if
Delegate=yes. Let's not document this precise behaviour for now though,
as most likely the logic here should become recursive, but that's only
going to happen if the kernel starts supporting that. Until then,
support this in a non-recursive fashion.
2017-09-22 15:28:05 +02:00
Daniel Mack 1988a9d120 Add firewall eBPF compiler
2017-09-22 15:24:55 +02:00