084c700780
Cgroup v2 provides the eBPF-based device controller, which isn't currently supported by systemd. This commit aims to provide such support. There are no user-visible changes, just the device policy and whitelist start working if cgroup v2 is used.
17 lines
519 B
C
17 lines
519 B
C
/* SPDX-License-Identifier: LGPL-2.1+ */
|
|
#pragma once
|
|
|
|
#include <inttypes.h>
|
|
|
|
#include "unit.h"
|
|
|
|
struct BPFProgram;
|
|
|
|
int bpf_devices_supported(void);
|
|
|
|
int cgroup_bpf_whitelist_device(BPFProgram *p, int type, int major, int minor, const char *acc);
|
|
int cgroup_bpf_whitelist_major(BPFProgram *p, int type, int major, const char *acc);
|
|
|
|
int cgroup_init_device_bpf(BPFProgram **ret, CGroupDevicePolicy policy, bool whitelist);
|
|
int cgroup_apply_device_bpf(Unit *u, BPFProgram *p, CGroupDevicePolicy policy, bool whitelist);
|