linux/samples
Alexei Starovoitov 7f67763337 bpf: introduce BPF_F_ALLOW_OVERRIDE flag
If BPF_F_ALLOW_OVERRIDE flag is used in BPF_PROG_ATTACH command
to the given cgroup the descendent cgroup will be able to override
effective bpf program that was inherited from this cgroup.
By default it's not passed, therefore override is disallowed.

Examples:
1.
prog X attached to /A with default
prog Y fails to attach to /A/B and /A/B/C
Everything under /A runs prog X

2.
prog X attached to /A with allow_override.
prog Y fails to attach to /A/B with default (non-override)
prog M attached to /A/B with allow_override.
Everything under /A/B runs prog M only.

3.
prog X attached to /A with allow_override.
prog Y fails to attach to /A with default.
The user has to detach first to switch the mode.

In the future this behavior may be extended with a chain of
non-overridable programs.

Also fix the bug where detach from cgroup where nothing is attached
was not throwing error. Return ENOENT in such case.

Add several testcases and adjust libbpf.

Fixes: 3007098494 ("cgroup: add support for eBPF programs")
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Tejun Heo <tj@kernel.org>
Acked-by: Daniel Mack <daniel@zonque.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-12 21:52:19 -05:00
..
auxdisplay samples: move auxdisplay example code from Documentation 2016-09-23 11:52:32 -06:00
blackfin samples: move blackfin gptimers-example from Documentation 2016-10-10 07:12:02 -06:00
bpf bpf: introduce BPF_F_ALLOW_OVERRIDE flag 2017-02-12 21:52:19 -05:00
configfs configfs: remove old API 2015-10-13 22:17:57 -07:00
connector make use of make variable CURDIR instead of calling pwd 2016-12-11 12:12:56 +01:00
hidraw
hw_breakpoint
kdb
kfifo
kobject
kprobes samples/kretprobe: fix the wrong type 2016-08-04 08:50:07 -04:00
livepatch livepatch: reuse module loader code to write relocations 2016-04-01 15:00:11 +02:00
mei samples: move misc-devices/mei example code from Documentation 2016-09-23 11:51:43 -06:00
mic/mpssd samples: move mic/mpssd example code from Documentation 2016-09-20 12:38:48 -06:00
pktgen samples: Add an IPv6 '-6' option to the pktgen scripts 2016-07-20 22:16:02 -07:00
rpmsg rpmsg: Allow callback to return errors 2016-09-08 22:15:25 -07:00
seccomp samples/seccomp: Support programs with >256 instructions 2016-11-01 08:58:17 -07:00
timers samples: move timers example code from Documentation 2016-09-23 11:51:58 -06:00
trace_events tracing: Have the reg function allow to fail 2016-12-09 09:13:30 -05:00
trace_printk tracing: Add trace_printk sample code 2016-06-20 09:54:21 -04:00
uhid
v4l [media] vb2: replace void *alloc_ctxs by struct device *alloc_devs 2016-07-08 14:45:07 -03:00
vfio-mdev vfio-mdev: remove some dead code 2017-01-11 12:12:37 -07:00
watchdog samples: move watchdog example code from Documentation 2016-09-23 11:52:14 -06:00
Kconfig vfio-mdev: Fix mtty sample driver building 2016-12-30 08:13:30 -07:00
Makefile vfio-mdev: Fix mtty sample driver building 2016-12-30 08:13:30 -07:00