[Devel] [PATCH vz10] bpf: add mount access type to eBPF cgroup program
Aleksei Oladko
aleksey.oladko at virtuozzo.com
Fri Nov 7 18:36:27 MSK 2025
This patch adds a mount access type to eBPF cgroup device type program
enabling the ability to specify whether a mount operation should be
allowed or denied.
https://virtuozzo.atlassian.net/browse/VSTOR-117297
Signed-off-by: Aleksei Oladko <aleksey.oladko at virtuozzo.com>
---
include/uapi/linux/bpf.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index 4a939c90dc2e..7ea078290688 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -7114,7 +7114,9 @@ enum {
BPF_DEVCG_ACC_MKNOD = (1ULL << 0),
BPF_DEVCG_ACC_READ = (1ULL << 1),
BPF_DEVCG_ACC_WRITE = (1ULL << 2),
+ BPF_DEVCG_ACC_MOUNT = (1ULL << 6),
};
+#define BPF_DEVCG_ACC_MOUNT BPF_DEVCG_ACC_MOUNT
enum {
BPF_DEVCG_DEV_BLOCK = (1ULL << 0),
--
2.43.0
More information about the Devel
mailing list