[RFC PATCH 09/20] bpf: syscall: Handle Landlock ruleset maps

Next message: Dipayaan Roy: "[PATCH net-next v6 1/2] net: mana: refactor mana_get_strings() and mana_get_sset_count() to use switch"
Previous message: Justin Suess: "[RFC PATCH 08/20] bpf: Add Landlock ruleset map type"
In reply to: Justin Suess: "[RFC PATCH 08/20] bpf: Add Landlock ruleset map type"
Next in thread: Justin Suess: "[RFC PATCH 10/20] bpf: verifier: Add Landlock ruleset map support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Justin Suess

Date: Tue Apr 07 2026 - 16:07:00 EST

Allow userspace to create maps of type BPF_MAP_TYPE_LANDLOCK_RULESET via
the bpf syscall. If CONFIG_SECURITY_LANDLOCK != y, these
programs will still be accepted by the verifier but return an error at
runtime.

Signed-off-by: Justin Suess <utilityemal77@xxxxxxxxx>
---
kernel/bpf/syscall.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 274039e36465..e885451b64a0 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -48,7 +48,8 @@

#define IS_FD_ARRAY(map) ((map)->map_type == BPF_MAP_TYPE_PERF_EVENT_ARRAY || \
(map)->map_type == BPF_MAP_TYPE_CGROUP_ARRAY || \
- (map)->map_type == BPF_MAP_TYPE_ARRAY_OF_MAPS)
+ (map)->map_type == BPF_MAP_TYPE_ARRAY_OF_MAPS || \
+ (map)->map_type == BPF_MAP_TYPE_LANDLOCK_RULESET)
#define IS_FD_PROG_ARRAY(map) ((map)->map_type == BPF_MAP_TYPE_PROG_ARRAY)
#define IS_FD_HASH(map) ((map)->map_type == BPF_MAP_TYPE_HASH_OF_MAPS)
#define IS_FD_MAP(map) (IS_FD_ARRAY(map) || IS_FD_PROG_ARRAY(map) || \
@@ -1488,6 +1489,7 @@ static int map_create(union bpf_attr *attr, bpfptr_t uattr)
case BPF_MAP_TYPE_CPUMAP:
case BPF_MAP_TYPE_ARENA:
case BPF_MAP_TYPE_INSN_ARRAY:
+ case BPF_MAP_TYPE_LANDLOCK_RULESET:
if (!bpf_token_capable(token, CAP_BPF))
goto put_token;
break;
--
2.53.0