[Devel] [PATCH RHEL10 COMMIT] bpf: add mount access type to eBPF cgroup program

Konstantin Khorenko khorenko at virtuozzo.com
Wed Nov 19 20:52:14 MSK 2025


The commit is pushed to "branch-rh10-6.12.0-55.13.1.2.x.vz10-ovz" and will appear at git at bitbucket.org:openvz/vzkernel.git
after rh10-6.12.0-55.13.1.2.19.vz10
------>
commit d77eb3e2530c6baa70fb347ecc9dd64901ba9a8f
Author: Aleksei Oladko <aleksey.oladko at virtuozzo.com>
Date:   Fri Nov 7 15:36:27 2025 +0000

    bpf: add mount access type to eBPF cgroup program
    
    This patch adds a mount access type to eBPF cgroup device type program
    enabling the ability to specify whether a mount operation should be
    allowed or denied.
    
    https://virtuozzo.atlassian.net/browse/VSTOR-117297
    
    Signed-off-by: Aleksei Oladko <aleksey.oladko at virtuozzo.com>
    Reviewed-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
    
    Feature: device_cgroup: virtualize devices visibility in CT
---
 include/uapi/linux/bpf.h | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index 4a939c90dc2e4..4a79bfa87bc4f 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -7114,7 +7114,14 @@ enum {
 	BPF_DEVCG_ACC_MKNOD	= (1ULL << 0),
 	BPF_DEVCG_ACC_READ	= (1ULL << 1),
 	BPF_DEVCG_ACC_WRITE	= (1ULL << 2),
+	BPF_DEVCG_ACC_MOUNT	= (1ULL << 6),
 };
+/*
+ * This allows building a BPF program using
+ *   #ifndef BPF_DEVCG_ACC_MOUNT
+ * and is used in libvzctl.
+ */
+#define BPF_DEVCG_ACC_MOUNT BPF_DEVCG_ACC_MOUNT
 
 enum {
 	BPF_DEVCG_DEV_BLOCK	= (1ULL << 0),
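
Review bot: `BPF_DEVCG_ACC_MOUNT = (1ULL << 6)` skips bits 3 to 5 of the access enum, which otherwise uses bits 0 to 2, and nothing in the hunk explains the gap. A short comment on that line saying why bit 6 was chosen (for example, that the lower bits are left free for future upstream access flags) would stop a later rebase or a userspace consumer from assuming the values are contiguous. The new comment block documents only the self-referential `#define`; since this is a UAPI header, it should also state what the flag means to a device cgroup program, which currently appears only in the commit message (whether a mount operation is allowed or denied). Stylistically, a blank line between `};` and the comment block would match the spacing kept before the next `enum {`.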

