From 14054134c6b1e6e27e2a43cbe7aaaf1acc2bddca Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Mon, 26 Jan 2026 21:39:34 +0100
Subject: [PATCH] nsresourced: Add comment about mknod() hook covering regular
 files

---
 src/nsresourced/bpf/userns-restrict/userns-restrict.bpf.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/nsresourced/bpf/userns-restrict/userns-restrict.bpf.c b/src/nsresourced/bpf/userns-restrict/userns-restrict.bpf.c
index f022f967061..eb94659f3da 100644
--- a/src/nsresourced/bpf/userns-restrict/userns-restrict.bpf.c
+++ b/src/nsresourced/bpf/userns-restrict/userns-restrict.bpf.c
@@ -140,6 +140,8 @@ int BPF_PROG(userns_restrict_path_mkdir, struct path *dir, struct dentry *dentry
         return validate_path(dir, ret);
 }
 
+/* The mknod hook covers all file creations, including regular files, in case the reader is looking for a
+ * missing hook for open(). */
 SEC("lsm/path_mknod")
 int BPF_PROG(userns_restrict_path_mknod, const struct path *dir, struct dentry *dentry, umode_t mode, unsigned dev, int ret) {
         return validate_path(dir, ret);
-- 
2.47.3