Commit | Line | Data |
---|---|---|
0de267d9 SL |
1 | .. SPDX-License-Identifier: GPL-2.0 |
2 | ||
3 | .. _fs_kfuncs-header-label: | |
4 | ||
5 | ===================== | |
6 | BPF filesystem kfuncs | |
7 | ===================== | |
8 | ||
9 | BPF LSM programs need to access filesystem data from LSM hooks. The following | |
10 | BPF kfuncs can be used to get these data. | |
11 | ||
12 | * ``bpf_get_file_xattr()`` | |
13 | ||
14 | * ``bpf_get_fsverity_digest()`` | |
15 | ||
16 | To avoid recursions, these kfuncs follow the following rules: | |
17 | ||
18 | 1. These kfuncs are only permitted from BPF LSM function. | |
19 | 2. These kfuncs should not call into other LSM hooks, i.e. security_*(). For | |
20 | example, ``bpf_get_file_xattr()`` does not use ``vfs_getxattr()``, because | |
21 | the latter calls LSM hook ``security_inode_getxattr``. |