diff options
author | Julia Kartseva <hex@fb.com> | 2021-11-04 18:55:55 -0700 |
---|---|---|
committer | Julia Kartseva <hex@fb.com> | 2021-11-11 00:09:15 -0800 |
commit | dedca960afdee5797d19929c43853513711e3e3d (patch) | |
tree | 0161fde0a52f43a4f3aa25fbec97eed2b00750d8 | |
parent | 084d0849fc864b0377551b211def7a89b642c5e9 (diff) | |
download | systemd-dedca960afdee5797d19929c43853513711e3e3d.tar.gz |
core: check fs type of BPFProgram= property path
Tests:
```
% stat --file-system --format="%T" /root/bpf/trivial/
bpf_fs
% systemd-nspawn -D/ --volatile=yes \
--property=BPFProgram=egress:/root/bpf/trivial/cgroup_skb_egress \
--quiet -- ping -c 5 -W 1 ::1
PING ::1(::1) 56 data bytes
--- ::1 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4110ms
```
```
% stat --file-system --format='%T' /root/meh
btrfs
% systemd-nspawn -D/ --volatile=yes --property=BPFProgram=egress:/root/meh
--quiet -- ping -c 5 -W 1 ::1
```
sudo ./build/systemd-nspawn \
-D/ --volatile=yes --property=BPFProgram=egress:/home/hex --quiet -- \
ping -c 1 -W 1 ::1
PING ::1(::1) 56 data bytes
64 bytes from ::1: icmp_seq=1 ttl=64 time=0.017 ms
--- ::1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
-rw-r--r-- | src/core/bpf-foreign.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/core/bpf-foreign.c b/src/core/bpf-foreign.c index 686c14ce1f..8538792b60 100644 --- a/src/core/bpf-foreign.c +++ b/src/core/bpf-foreign.c @@ -4,8 +4,10 @@ #include "bpf-program.h" #include "cgroup.h" #include "memory-util.h" +#include "missing_magic.h" #include "mountpoint-util.h" #include "set.h" +#include "stat-util.h" typedef struct BPFForeignKey BPFForeignKey; struct BPFForeignKey { @@ -84,6 +86,14 @@ static int bpf_foreign_prepare( assert(u); assert(bpffs_path); + r = path_is_fs_type(bpffs_path, BPF_FS_MAGIC); + if (r < 0) + return log_unit_error_errno(u, r, + "Failed to determine filesystem type of %s: %m", bpffs_path); + if (r == 0) + return log_unit_error_errno(u, SYNTHETIC_ERRNO(EINVAL), + "Path in BPF filesystem is expected."); + r = bpf_program_new_from_bpffs_path(bpffs_path, &prog); if (r < 0) return log_unit_error_errno(u, r, "Failed to create foreign BPFProgram: %m"); |