xref: /linux/Documentation/bpf/fs_kfuncs.rst (revision 24b10e5f8e0d2bee1a10fc67011ea5d936c1a389)
1.. SPDX-License-Identifier: GPL-2.0
2
3.. _fs_kfuncs-header-label:
4
5=====================
6BPF filesystem kfuncs
7=====================
8
9BPF LSM programs need to access filesystem data from LSM hooks. The following
10BPF kfuncs can be used to get these data.
11
12 * ``bpf_get_file_xattr()``
13
14 * ``bpf_get_fsverity_digest()``
15
16To avoid recursions, these kfuncs follow the following rules:
17
181. These kfuncs are only permitted from BPF LSM function.
192. These kfuncs should not call into other LSM hooks, i.e. security_*(). For
20   example, ``bpf_get_file_xattr()`` does not use ``vfs_getxattr()``, because
21   the latter calls LSM hook ``security_inode_getxattr``.
22