diff options
| author | Connor O'Brien <connoro@google.com> | 2020-02-13 21:45:22 -0800 |
|---|---|---|
| committer | Maciej Żenczykowski <maze@google.com> | 2020-02-14 23:28:44 +0000 |
| commit | 3278a1634ba320b9760804451f333e3dd61a2fe3 (patch) | |
| tree | b6a4044ec03e93de63d52857a44027d6731abce2 /progs/include | |
| parent | 83f2977da8b9a51ea665acdc6e0e336aa3781604 (diff) | |
| download | bpf-3278a1634ba320b9760804451f333e3dd61a2fe3.tar.gz | |
bpfloader: add option to set owner & group for pinned programs
Unlike maps, BPF programs currently have no natural place to declare
metadata like their desired owner & group. Add a bpf_prog_def struct
to allow setting these, located in a new "progs" section, and update
bpfloader to chown pinned programs appropriately based on this
information.
Add a #DEFINE_BPF_PROG macro to simplify adding this data for
programs. The struct name is the name of the corresponding function
with "_def" appended, which bpfloader uses to correlate a bpf_map_def
with the correct program.
Also have bpfloader set mode to 0440 for all programs, since only read
access should ever be needed
Bug: 149434314
Test: load a program that uses DEFINE_BPF_PROG and check that owner &
group are set as expected
Change-Id: I914c355f114368fe53de2c7f272d877463cba461
Signed-off-by: Connor O'Brien <connoro@google.com>
Diffstat (limited to 'progs/include')
| -rw-r--r-- | progs/include/bpf_helpers.h | 8 | ||||
| -rw-r--r-- | progs/include/bpf_map_def.h | 5 |
2 files changed, 13 insertions, 0 deletions
diff --git a/progs/include/bpf_helpers.h b/progs/include/bpf_helpers.h index ac08649..605e9a4 100644 --- a/progs/include/bpf_helpers.h +++ b/progs/include/bpf_helpers.h @@ -94,3 +94,11 @@ static int (*bpf_trace_printk)(const char* fmt, int fmt_size, ...) = (void*) BPF static unsigned long long (*bpf_get_current_pid_tgid)(void) = (void*) BPF_FUNC_get_current_pid_tgid; static unsigned long long (*bpf_get_current_uid_gid)(void) = (void*) BPF_FUNC_get_current_uid_gid; static unsigned long long (*bpf_get_smp_processor_id)(void) = (void*) BPF_FUNC_get_smp_processor_id; + +#define DEFINE_BPF_PROG(SECTION_NAME, prog_uid, prog_gid, the_prog) \ + const struct bpf_prog_def SEC("progs") the_prog##_def = { \ + .uid = (prog_uid), \ + .gid = (prog_gid), \ + }; \ + SEC(SECTION_NAME) \ + int the_prog diff --git a/progs/include/bpf_map_def.h b/progs/include/bpf_map_def.h index b233dc9..3aee332 100644 --- a/progs/include/bpf_map_def.h +++ b/progs/include/bpf_map_def.h @@ -67,3 +67,8 @@ struct bpf_map_def { unsigned int gid; // gid_t unsigned int mode; // mode_t }; + +struct bpf_prog_def { + unsigned int uid; + unsigned int gid; +}; |