projects / systemd / .git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2bdd2e7) | patch
bpf: do not freeze if bpf lsm fails to set up
authorJulia Kartseva <hex@fb.com>
Thu, 6 Jan 2022 00:34:56 +0000 (16:34 -0800)
committerYu Watanabe <watanabe.yu+github@gmail.com>
Fri, 7 Jan 2022 07:25:45 +0000 (16:25 +0900)
commit299d9417238e0727a48ebaabb5a9de0c908ec5c8
tree20fafaa6d05456aac0e41aa9d0fd63e40ee222e2tree | snapshot
parent2bdd2e7ac9dd9db98c534e57c4bcbf41900c91e9commit | diff
bpf: do not freeze if bpf lsm fails to set up

BPF LSM is cgroup unaware and it's set up is happening in core manager.
It occures that the current implementation is too restrictive and causes
pid 1 to freeze.
Instead:
* in bpf_lsm_setup set manager->restrict_fs pointer last,
so it is an indicator that the set up was successful
* check for manager->restrict_fs before applying unit options
src/core/bpf-lsm.c diff | blob | history
src/core/execute.c diff | blob | history
src/core/manager.c diff | blob | history
https://github.com/systemd/systemd.git