summaryrefslogtreecommitdiff
path: root/init
diff options
context:
space:
mode:
authorKP Singh <kpsingh@google.com>2020-03-29 01:43:49 +0100
committerDaniel Borkmann <daniel@iogearbox.net>2020-03-30 01:34:00 +0200
commitfc611f47f2188ade2b48ff6902d5cce8baac0c58 (patch)
treefa4363e15a618c0f4357d846f9b0b4cd20c6433c /init
parente5fb60ee4c958b92686830ecfaf5e60bbd139130 (diff)
downloadlwn-fc611f47f2188ade2b48ff6902d5cce8baac0c58.tar.gz
lwn-fc611f47f2188ade2b48ff6902d5cce8baac0c58.zip
bpf: Introduce BPF_PROG_TYPE_LSM
Introduce types and configs for bpf programs that can be attached to LSM hooks. The programs can be enabled by the config option CONFIG_BPF_LSM. Signed-off-by: KP Singh <kpsingh@google.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Reviewed-by: Brendan Jackman <jackmanb@google.com> Reviewed-by: Florent Revest <revest@google.com> Reviewed-by: Thomas Garnier <thgarnie@google.com> Acked-by: Yonghong Song <yhs@fb.com> Acked-by: Andrii Nakryiko <andriin@fb.com> Acked-by: James Morris <jamorris@linux.microsoft.com> Link: https://lore.kernel.org/bpf/20200329004356.27286-2-kpsingh@chromium.org
Diffstat (limited to 'init')
-rw-r--r--init/Kconfig12
1 files changed, 12 insertions, 0 deletions
diff --git a/init/Kconfig b/init/Kconfig
index 20a6ac33761c..deae572d1927 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1616,6 +1616,18 @@ config KALLSYMS_BASE_RELATIVE
# end of the "standard kernel features (expert users)" menu
# syscall, maps, verifier
+
+config BPF_LSM
+ bool "LSM Instrumentation with BPF"
+ depends on BPF_SYSCALL
+ depends on SECURITY
+ depends on BPF_JIT
+ help
+ Enables instrumentation of the security hooks with eBPF programs for
+ implementing dynamic MAC and Audit Policies.
+
+ If you are unsure how to answer this question, answer N.
+
config BPF_SYSCALL
bool "Enable bpf() system call"
select BPF