nsresourced: Add comment about mknod() hook covering regular files

author Daan De Meyer <daan.j.demeyer@gmail.com>

Mon, 26 Jan 2026 20:39:34 +0000 (21:39 +0100)

committer Daan De Meyer <daan@amutable.com>

Thu, 5 Feb 2026 14:16:31 +0000 (15:16 +0100)
author Daan De Meyer <daan.j.demeyer@gmail.com>
Mon, 26 Jan 2026 20:39:34 +0000 (21:39 +0100)
committer Daan De Meyer <daan@amutable.com>
Thu, 5 Feb 2026 14:16:31 +0000 (15:16 +0100)
diff --git a/src/nsresourced/bpf/userns-restrict/userns-restrict.bpf.c b/src/nsresourced/bpf/userns-restrict/userns-restrict.bpf.c

index f022f967061187f99174b347cb8d04b3166184be..eb94659f3da279b457a54264ca07f05304657f5c 100644 (file)
--- a/src/nsresourced/bpf/userns-restrict/userns-restrict.bpf.c
+++ b/src/nsresourced/bpf/userns-restrict/userns-restrict.bpf.c
@@ -140,6 +140,8 @@ int BPF_PROG(userns_restrict_path_mkdir, struct path *dir, struct dentry *dentry
          return validate_path(dir, ret);
  }
  
+/* The mknod hook covers all file creations, including regular files, in case the reader is looking for a
+ * missing hook for open(). */
  SEC("lsm/path_mknod")
  int BPF_PROG(userns_restrict_path_mknod, const struct path *dir, struct dentry *dentry, umode_t mode, unsigned dev, int ret) {
          return validate_path(dir, ret);
author	Daan De Meyer <daan.j.demeyer@gmail.com>
	Mon, 26 Jan 2026 20:39:34 +0000 (21:39 +0100)
committer	Daan De Meyer <daan@amutable.com>
	Thu, 5 Feb 2026 14:16:31 +0000 (15:16 +0100)