From: Stanislav Fomichev <sdf@google.com>
To: netdev@vger.kernel.org, bpf@vger.kernel.org
Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org,
Stanislav Fomichev <sdf@google.com>
Subject: [PATCH bpf-next v2 0/2] bpf: Allow bpf_get_netns_cookie in BPF_PROG_TYPE_CGROUP_SOCKOPT
Date: Thu, 12 Aug 2021 08:30:09 -0700 [thread overview]
Message-ID: <20210812153011.983006-1-sdf@google.com> (raw)
We'd like to be able to identify netns from setsockopt hooks
to be able to do the enforcement of some options only in the
"initial" netns (to give users the ability to create clear/isolated
sandboxes if needed without any enforcement by doing unshare(net)).
v2:
- add missing CONFIG_NET
Stanislav Fomichev (2):
bpf: Allow bpf_get_netns_cookie in BPF_PROG_TYPE_CGROUP_SOCKOPT
selftests/bpf: verify bpf_get_netns_cookie in
BPF_PROG_TYPE_CGROUP_SOCKOPT
kernel/bpf/cgroup.c | 19 ++++++++++++++++
tools/testing/selftests/bpf/verifier/ctx.c | 25 ++++++++++++++++++++++
2 files changed, 44 insertions(+)
--
2.33.0.rc1.237.g0d66db33f3-goog
next reply other threads:[~2021-08-12 15:30 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-12 15:30 Stanislav Fomichev [this message]
2021-08-12 15:30 ` [PATCH bpf-next v2 1/2] bpf: Allow bpf_get_netns_cookie in BPF_PROG_TYPE_CGROUP_SOCKOPT Stanislav Fomichev
2021-08-13 19:58 ` Martin KaFai Lau
2021-08-13 21:23 ` sdf
2021-08-12 15:30 ` [PATCH bpf-next v2 2/2] selftests/bpf: verify " Stanislav Fomichev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210812153011.983006-1-sdf@google.com \
--to=sdf@google.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.