projects / platform / upstream / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1c38277) | patch
bpf: set BPF_F_ALLOW_OVERRIDE when attaching a cgroup program if Delegate=yes is set
authorLennart Poettering <lennart@poettering.net>
Thu, 21 Sep 2017 18:38:07 +0000 (20:38 +0200)
committerLennart Poettering <lennart@poettering.net>
Fri, 22 Sep 2017 13:28:05 +0000 (15:28 +0200)
commit9f2e6892a2e70ea3ee84d232f5f4ef3bf217ce4f
tree6a5eadb4b04d1b8996b01cec162b826e23fb7c89tree | snapshot
parent1c382774c51afb21abdb776adac57b524648bd46commit | diff
bpf: set BPF_F_ALLOW_OVERRIDE when attaching a cgroup program if Delegate=yes is set

Let's permit installing BPF programs in cgroup subtrees if
Delegeate=yes. Let's not document this precise behaviour for now though,
as most likely the logic here should become recursive, but that's only
going to happen if the kernel starts supporting that. Until then,
support this in a non-recursive fashion.
src/basic/bpf-program.c diff | blob | history
src/basic/bpf-program.h diff | blob | history
src/core/bpf-firewall.c diff | blob | history
Domain: System / System Framework;