Message ID | 20210813230530.333779-1-sdf@google.com (mailing list archive) |
---|---|
Headers | show |
Series | bpf: Allow bpf_get_netns_cookie in BPF_PROG_TYPE_CGROUP_SOCKOPT | expand |
On Fri, Aug 13, 2021 at 04:05:28PM -0700, Stanislav Fomichev wrote: > We'd like to be able to identify netns from setsockopt hooks > to be able to do the enforcement of some options only in the > "initial" netns (to give users the ability to create clear/isolated > sandboxes if needed without any enforcement by doing unshare(net)). > > v3: > - remove extra 'ctx->skb == NULL' check (Martin KaFai Lau) > - rework test to make sure the helper is really called, not just > verified Acked-by: Martin KaFai Lau <kafai@fb.com>