22 lines
		
	
	
		
			651 B
		
	
	
	
		
			ReStructuredText
		
	
	
	
	
	
			
		
		
	
	
			22 lines
		
	
	
		
			651 B
		
	
	
	
		
			ReStructuredText
		
	
	
	
	
	
| .. SPDX-License-Identifier: GPL-2.0
 | |
| 
 | |
| .. _fs_kfuncs-header-label:
 | |
| 
 | |
| =====================
 | |
| BPF filesystem kfuncs
 | |
| =====================
 | |
| 
 | |
| BPF LSM programs need to access filesystem data from LSM hooks. The following
 | |
| BPF kfuncs can be used to get these data.
 | |
| 
 | |
|  * ``bpf_get_file_xattr()``
 | |
| 
 | |
|  * ``bpf_get_fsverity_digest()``
 | |
| 
 | |
| To avoid recursions, these kfuncs follow the following rules:
 | |
| 
 | |
| 1. These kfuncs are only permitted from BPF LSM function.
 | |
| 2. These kfuncs should not call into other LSM hooks, i.e. security_*(). For
 | |
|    example, ``bpf_get_file_xattr()`` does not use ``vfs_getxattr()``, because
 | |
|    the latter calls LSM hook ``security_inode_getxattr``.
 |