From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Mon, 26 Jan 2026 20:39:34 +0000 (+0100)
Subject: nsresourced: Add comment about mknod() hook covering regular files
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F40564%2Fhead;p=thirdparty%2Fsystemd.git

nsresourced: Add comment about mknod() hook covering regular files
---

diff --git a/src/nsresourced/bpf/userns-restrict/userns-restrict.bpf.c b/src/nsresourced/bpf/userns-restrict/userns-restrict.bpf.c
index f022f967061..eb94659f3da 100644
--- a/src/nsresourced/bpf/userns-restrict/userns-restrict.bpf.c
+++ b/src/nsresourced/bpf/userns-restrict/userns-restrict.bpf.c
@@ -140,6 +140,8 @@ int BPF_PROG(userns_restrict_path_mkdir, struct path *dir, struct dentry *dentry
         return validate_path(dir, ret);
 }
 
+/* The mknod hook covers all file creations, including regular files, in case the reader is looking for a
+ * missing hook for open(). */
 SEC("lsm/path_mknod")
 int BPF_PROG(userns_restrict_path_mknod, const struct path *dir, struct dentry *dentry, umode_t mode, unsigned dev, int ret) {
         return validate_path(dir, ret);