git.ipfire.org Git - thirdparty/systemd.git/commit

author	Julia Kartseva <hex@fb.com>
	Mon, 26 Apr 2021 02:10:40 +0000 (19:10 -0700)
committer	Julia Kartseva <hex@fb.com>
	Mon, 26 Apr 2021 23:21:59 +0000 (16:21 -0700)
commit	91ce91c76c0d224556fdb002fa6c8b40bff604e0
tree	e75492297fd7038d071421cb8b29baf0ec3dc70e	tree \| snapshot
parent	b18e9fc167ff21be44a4aded536f80316aa84beb	commit \| diff

core, bpf: add socket-bind feature to unit

Add supported and install unit interface for socket-bind feature.

supported verifies that
- unified cgroup hierarchy (cgroup v2) is used
- BPF_FRAMEWORK (libbpf + clang + llvm + bpftool) was available in
compile time
- kernel supports BPF_PROG_TYPE_CGROUP_SOCK_ADDR
- bpf programs can be loaded into kernel
- bpf link can be used

install:
- load bpf_object from bpf skeleton
- resize rules map to fit socket_bind_allow and socket_bind deny rules
from cgroup context
- populate cgroup-bpf maps with rules
- get bpf programs from bpf skeleton
- attach programs to unit cgroup using bpf link
- save bpf link in the unit

src/core/meson.build		diff \| blob \| blame \| history
src/core/socket-bind.c	[new file with mode: 0644]	blob
src/core/socket-bind.h	[new file with mode: 0644]	blob
src/core/unit.c		diff \| blob \| blame \| history
src/core/unit.h		diff \| blob \| blame \| history