Skip to content

Commit ed54124

Browse files
anakryikoAlexei Starovoitov
authored andcommitted
libbpf: support BPF token path setting through LIBBPF_BPF_TOKEN_PATH envvar
To allow external admin authority to override default BPF FS location (/sys/fs/bpf) for implicit BPF token creation, teach libbpf to recognize LIBBPF_BPF_TOKEN_PATH envvar. If it is specified and user application didn't explicitly specify neither bpf_token_path nor bpf_token_fd option, it will be treated exactly like bpf_token_path option, overriding default /sys/fs/bpf location and making BPF token mandatory. Suggested-by: Alexei Starovoitov <[email protected]> Signed-off-by: Andrii Nakryiko <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Alexei Starovoitov <[email protected]>
1 parent 18678cf commit ed54124

File tree

2 files changed

+21
-6
lines changed

2 files changed

+21
-6
lines changed

tools/lib/bpf/libbpf.c

Lines changed: 10 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -7171,11 +7171,17 @@ static struct bpf_object *bpf_object_open(const char *path, const void *obj_buf,
71717171
/* non-empty token path can't be combined with invalid token FD */
71727172
if (token_path && token_path[0] != '\0' && token_fd < 0)
71737173
return ERR_PTR(-EINVAL);
7174+
/* empty token path can't be combined with valid token FD */
7175+
if (token_path && token_path[0] == '\0' && token_fd > 0)
7176+
return ERR_PTR(-EINVAL);
7177+
/* if user didn't specify bpf_token_path/bpf_token_fd explicitly,
7178+
* check if LIBBPF_BPF_TOKEN_PATH envvar was set and treat it as
7179+
* bpf_token_path option
7180+
*/
7181+
if (token_fd == 0 && !token_path)
7182+
token_path = getenv("LIBBPF_BPF_TOKEN_PATH");
7183+
/* empty token_path is equivalent to invalid token_fd */
71747184
if (token_path && token_path[0] == '\0') {
7175-
/* empty token path can't be combined with valid token FD */
7176-
if (token_fd > 0)
7177-
return ERR_PTR(-EINVAL);
7178-
/* empty token_path is equivalent to invalid token_fd */
71797185
token_path = NULL;
71807186
token_fd = -1;
71817187
}

tools/lib/bpf/libbpf.h

Lines changed: 11 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -185,8 +185,16 @@ struct bpf_object_open_opts {
185185
* attempt to create BPF token from default BPF FS mount point
186186
* (/sys/fs/bpf), in case this default behavior is undesirable.
187187
*
188+
* If bpf_token_path and bpf_token_fd are not specified, libbpf will
189+
* consult LIBBPF_BPF_TOKEN_PATH environment variable. If set, it will
190+
* be taken as a value of bpf_token_path option and will force libbpf
191+
* to either create BPF token from provided custom BPF FS path, or
192+
* will disable implicit BPF token creation, if envvar value is an
193+
* empty string.
194+
*
188195
* bpf_token_path and bpf_token_fd are mutually exclusive and only one
189-
* of those options should be set.
196+
* of those options should be set. Either of them overrides
197+
* LIBBPF_BPF_TOKEN_PATH envvar.
190198
*/
191199
int bpf_token_fd;
192200
/* Path to BPF FS mount point to derive BPF token from.
@@ -200,7 +208,8 @@ struct bpf_object_open_opts {
200208
* point (/sys/fs/bpf), in case this default behavior is undesirable.
201209
*
202210
* bpf_token_path and bpf_token_fd are mutually exclusive and only one
203-
* of those options should be set.
211+
* of those options should be set. Either of them overrides
212+
* LIBBPF_BPF_TOKEN_PATH envvar.
204213
*/
205214
const char *bpf_token_path;
206215

0 commit comments

Comments
 (0)