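#ifndef BPF_I_H
#define BPF_I_H

/*
 * Interface to the BPF filter helpers: dumping, validating, running,
 * attaching/detaching and parsing/compiling classic BPF programs that are
 * carried in a struct sock_fprog.
 */

#include <linux/filter.h>	/* struct sock_fprog */
#include <stdint.h>		/* uint8_t, uint32_t */
#include <stdlib.h>		/* free(), size_t */

#include "bpf_insns.h"
#include "bpf_ext.h"
#include "config.h"
#include "die.h"

/* Diagnostic dumps; where the output goes is decided by the implementation. */
extern void bpf_dump_op_table(void);
extern void bpf_dump_all(struct sock_fprog *bpf);

/*
 * Validate a filter program. The return convention is set by the
 * implementation and is not visible from this header.
 * NOTE(review): a program read from a rule file is untrusted input; confirm
 * that every path reaching bpf_run_filter() or bpf_attach_to_sock() has
 * validated the program first.
 */
extern int __bpf_validate(const struct sock_fprog *bpf);

/*
 * Run a filter program over one packet.
 * NOTE(review): plen must be the real size of the buffer behind packet;
 * presumably the interpreter bounds its loads against plen - confirm in the
 * implementation.
 */
extern uint32_t bpf_run_filter(const struct sock_fprog *bpf, uint8_t *packet,
			       size_t plen);

extern void bpf_attach_to_sock(int sock, struct sock_fprog *bpf);
extern void bpf_detach_from_sock(int sock);

/*
 * NOTE(review): going by the name, this changes a system-wide kernel setting
 * rather than per-socket state; confirm the privilege it needs and whether
 * callers treat a failure as fatal.
 */
extern int enable_kernel_bpf_jit_compiler(void);

extern void bpf_parse_rules(char *rulefile, struct sock_fprog *bpf,
			    uint32_t link_type);

#if defined(HAVE_TCPDUMP_LIKE_FILTER) && defined(NEED_TCPDUMP_LIKE_FILTER)
extern void bpf_try_compile(const char *rulefile, struct sock_fprog *bpf,
			    uint32_t link_type);
#else
/*
 * Fallback for builds without the tcpdump-like filter compiler: report the
 * filter that could not be compiled through panic() instead of continuing
 * with an empty program. bpf and link_type are unused here.
 */
static inline void bpf_try_compile(const char *rulefile,
				   struct sock_fprog *bpf __maybe_unused,
				   uint32_t link_type __maybe_unused)
{
	panic("No libpcap support, cannot compile filter: %s\n", rulefile);
}
#endif

/*
 * Release the instruction array owned by a filter program.
 *
 * Only bpf->filter is freed; the struct sock_fprog itself belongs to the
 * caller. The pointer and length are cleared afterwards so that a second
 * bpf_release() degrades to free(NULL) instead of a double free, and so that
 * a stale program cannot be run or attached by accident.
 */
static inline void bpf_release(struct sock_fprog *bpf)
{
	free(bpf->filter);
	bpf->filter = NULL;
	bpf->len = 0;
}

#endif /* BPF_I_H */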
authorEric W. Biederman <ebiederm@xmission.com>2016-12-02 09:35:31 -0600
committerEric W. Biederman <ebiederm@xmission.com>2016-12-02 20:58:41 -0600
commit19339c251607a3defc7f089511ce8561936fee45 (patch)
treebc9111556f3cdf375c0a3530420ae9da0b578342 /Documentation
parentf84df2a6f268de584a201e8911384a2d244876e3 (diff)
Revert "evm: Translate user/group ids relative to s_user_ns when computing HMAC"
This reverts commit 0b3c9761d1e405514a551ed24d3ea89aea26ce14.

Seth Forshee <seth.forshee@canonical.com> writes:
> All right, I think 0b3c9761d1e405514a551ed24d3ea89aea26ce14 should be
> reverted then. EVM is a machine-local integrity mechanism, and so it
> makes sense that the signature would be based on the kernel's notion of
> the uid and not the filesystem's.

I added a comment explaining why the EVM hmac needs to be in the kernel's notion of uid and gid, not the filesystem's, to prevent remounting the filesystem and gaining unwarranted trust in files.

Acked-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'Documentation')