Commit cac270ad authored by Andrii Nakryiko's avatar Andrii Nakryiko Committed by Alexei Starovoitov
Browse files

libbpf: Support BPF token path setting through LIBBPF_BPF_TOKEN_PATH envvar 



To allow external admin authority to override default BPF FS location
(/sys/fs/bpf) for implicit BPF token creation, teach libbpf to recognize
LIBBPF_BPF_TOKEN_PATH envvar. If it is specified and user application
didn't explicitly specify bpf_token_path option, it will be treated
exactly like bpf_token_path option, overriding default /sys/fs/bpf
location and making BPF token mandatory.

Suggested-by: default avatarAlexei Starovoitov <ast@kernel.org>
Signed-off-by: default avatarAndrii Nakryiko <andrii@kernel.org>
Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20240124022127.2379740-29-andrii@kernel.org
parent b73d08d1

tools/lib/bpf/libbpf.c

+6 −0
Original line number Diff line number Diff line
@@ -7604,6 +7604,12 @@ static struct bpf_object *bpf_object_open(const char *path, const void *obj_buf, 
		return ERR_PTR(-EINVAL);



	token_path = OPTS_GET(opts, bpf_token_path, NULL);

	/* if user didn't specify bpf_token_path explicitly, check if

	 * LIBBPF_BPF_TOKEN_PATH envvar was set and treat it as bpf_token_path

	 * option

	 */

	if (!token_path)

		token_path = getenv("LIBBPF_BPF_TOKEN_PATH");

	if (token_path && strlen(token_path) >= PATH_MAX)

		return ERR_PTR(-ENAMETOOLONG);

tools/lib/bpf/libbpf.h

+8 −0
Original line number Diff line number Diff line
@@ -183,6 +183,14 @@ struct bpf_object_open_opts { 
	 * that accept BPF token (e.g., map creation, BTF and program loads,

	 * etc) automatically within instantiated BPF object.

	 *

	 * If bpf_token_path is not specified, libbpf will consult

	 * LIBBPF_BPF_TOKEN_PATH environment variable. If set, it will be

	 * taken as a value of bpf_token_path option and will force libbpf to

	 * either create BPF token from provided custom BPF FS path, or will

	 * disable implicit BPF token creation, if envvar value is an empty

	 * string. bpf_token_path overrides LIBBPF_BPF_TOKEN_PATH, if both are

	 * set at the same time.

	 *

	 * Setting bpf_token_path option to empty string disables libbpf's

	 * automatic attempt to create BPF token from default BPF FS mount

	 * point (/sys/fs/bpf), in case this default behavior is undesirable.