Lines Matching full:sysctl
8 provides cgroup-bpf hook for sysctl.
11 process inside that cgroup tries to read from or write to sysctl knob in proc.
30 * ``write`` indicates whether sysctl value is being read (``0``) or written
33 * ``file_pos`` indicates file position sysctl is being accessed at, read
35 position in sysctl proc file ``read(2)`` will be reading from or ``write(2)``
37 whole sysctl value by ``bpf_sysctl_set_new_value()`` on ``write(2)`` even
39 value to the field can be used to access part of sysctl value starting from
40 specified ``file_pos``. Not all sysctl support access with ``file_pos !=
41 0``, e.g. writes to numeric sysctl entries must always be at file position
42 ``0``. See also ``kernel.sysctl_writes_strict`` sysctl.
52 * ``0`` means "reject access to sysctl";
61 Since sysctl knob is represented by a name and a value, sysctl specific BPF
64 * ``bpf_sysctl_get_name()`` to get sysctl name as it is visible in
68 sysctl into provided by BPF program buffer. This helper is available on both
69 ``read(2)`` from and ``write(2)`` to sysctl;
72 written to sysctl before actual write happens. This helper can be used only
76 written to sysctl before actual write happens. Sysctl value will be
83 BPF program sees sysctl value same way as user space does in proc filesystem,
84 i.e. as a string. Since many sysctl values represent an integer or a vector
99 sysctl name and value, parses string value to get vector of integers and uses
100 the result to make decision whether to allow or deny access to sysctl.
106 environment, for example to monitor sysctl usage or catch unreasonable values
111 opened sysctl file in proc filesystem may differ from process that is trying
114 security mechanism to limit sysctl usage.