diff options
| author | Lennart Poettering <lennart@poettering.net> | 2017-09-21 20:38:07 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2017-09-22 15:28:05 +0200 |
| commit | 9f2e6892a2e70ea3ee84d232f5f4ef3bf217ce4f (patch) | |
| tree | 6a5eadb4b04d1b8996b01cec162b826e23fb7c89 /src/basic/bpf-program.c | |
| parent | 1c382774c51afb21abdb776adac57b524648bd46 (diff) | |
| download | systemd-9f2e6892a2e70ea3ee84d232f5f4ef3bf217ce4f.tar.gz | |
bpf: set BPF_F_ALLOW_OVERRIDE when attaching a cgroup program if Delegate=yes is set
Let's permit installing BPF programs in cgroup subtrees if
Delegeate=yes. Let's not document this precise behaviour for now though,
as most likely the logic here should become recursive, but that's only
going to happen if the kernel starts supporting that. Until then,
support this in a non-recursive fashion.
Diffstat (limited to 'src/basic/bpf-program.c')
| -rw-r--r-- | src/basic/bpf-program.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/basic/bpf-program.c b/src/basic/bpf-program.c index 9326176743..ce6f9e4409 100644 --- a/src/basic/bpf-program.c +++ b/src/basic/bpf-program.c @@ -91,7 +91,7 @@ int bpf_program_load_kernel(BPFProgram *p, char *log_buf, size_t log_size) { return 0; } -int bpf_program_cgroup_attach(BPFProgram *p, int type, const char *path) { +int bpf_program_cgroup_attach(BPFProgram *p, int type, const char *path, uint32_t flags) { _cleanup_close_ int fd = -1; union bpf_attr attr; @@ -107,6 +107,7 @@ int bpf_program_cgroup_attach(BPFProgram *p, int type, const char *path) { .attach_type = type, .target_fd = fd, .attach_bpf_fd = p->kernel_fd, + .attach_flags = flags, }; if (bpf(BPF_PROG_ATTACH, &attr, sizeof(attr)) < 0) |