1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2 #pragma once
3 
4 #include "hashmap.h"
5 
6 typedef enum FilesystemParseFlags {
7         FILESYSTEM_PARSE_INVERT     = 1 << 0,
8         FILESYSTEM_PARSE_ALLOW_LIST = 1 << 1,
9         FILESYSTEM_PARSE_LOG        = 1 << 2,
10 } FilesystemParseFlags;
11 
12 typedef struct Unit Unit;
13 typedef struct Manager Manager;
14 
15 typedef struct restrict_fs_bpf restrict_fs_bpf;
16 
17 bool lsm_bpf_supported(bool initialize);
18 int lsm_bpf_setup(Manager *m);
19 int lsm_bpf_unit_restrict_filesystems(Unit *u, const Set *filesystems, bool allow_list);
20 int lsm_bpf_cleanup(const Unit *u);
21 int lsm_bpf_map_restrict_fs_fd(Unit *u);
22 void lsm_bpf_destroy(struct restrict_fs_bpf *prog);
23 int lsm_bpf_parse_filesystem(const char *name,
24                              Set **filesystems,
25                              FilesystemParseFlags flags,
26                              const char *unit,
27                              const char *filename,
28                              unsigned line);
29