1 // SPDX-License-Identifier: GPL-2.0 2 #include <linux/bpf.h> 3 #include <bpf/bpf_helpers.h> 4 #include <bpf/bpf_tracing.h> 5 #include <errno.h> 6 #include <linux/capability.h> 7 8 struct kernel_cap_struct { 9 __u64 val; 10 } __attribute__((preserve_access_index)); 11 12 struct cred { 13 struct kernel_cap_struct cap_effective; 14 } __attribute__((preserve_access_index)); 15 16 char _license[] SEC("license") = "GPL"; 17 18 SEC("lsm.s/userns_create") 19 int BPF_PROG(test_userns_create, const struct cred *cred, int ret) 20 { 21 struct kernel_cap_struct caps = cred->cap_effective; 22 __u64 cap_mask = BIT_LL(CAP_SYS_ADMIN); 23 24 if (ret) 25 return 0; 26 27 ret = -EPERM; 28 if (caps.val & cap_mask) 29 return 0; 30 31 return -EPERM; 32 } 33