[Devel] [PATCH vz10] bpf: add mount access type to eBPF cgroup program
Pavel Tikhomirov
ptikhomirov at virtuozzo.com
Mon Nov 17 12:02:32 MSK 2025
Looks good.
Reviewed-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
On 11/7/25 23:36, Aleksei Oladko wrote:
> This patch adds a mount access type to eBPF cgroup device type program
> enabling the ability to specify whether a mount operation should be
> allowed or denied.
>
> https://virtuozzo.atlassian.net/browse/VSTOR-117297
>
> Signed-off-by: Aleksei Oladko <aleksey.oladko at virtuozzo.com>
> ---
> include/uapi/linux/bpf.h | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
> index 4a939c90dc2e..7ea078290688 100644
> --- a/include/uapi/linux/bpf.h
> +++ b/include/uapi/linux/bpf.h
> @@ -7114,7 +7114,9 @@ enum {
> BPF_DEVCG_ACC_MKNOD = (1ULL << 0),
> BPF_DEVCG_ACC_READ = (1ULL << 1),
> BPF_DEVCG_ACC_WRITE = (1ULL << 2),
> + BPF_DEVCG_ACC_MOUNT = (1ULL << 6),
> };
> +#define BPF_DEVCG_ACC_MOUNT BPF_DEVCG_ACC_MOUNT
>
> enum {
> BPF_DEVCG_DEV_BLOCK = (1ULL << 0),
--
Best regards, Pavel Tikhomirov
Senior Software Developer, Virtuozzo.
More information about the Devel
mailing list