bpf: Don't require mknod() permission to pin an object
security_path_mknod() seems excessive for pinning an object --
pinning an object is effectively just creating a file. It's also
redundant, as vfs_mkobj() calls security_inode_create() by itself.
This isn't strictly required -- mknod(path, S_IFREG, unused) works
to create regular files, but bpf is currently the only user in the
kernel outside of mknod() itself that uses it to create regular
(i.e. S_IFREG) files.
Signed-off-by: Andy Lutomirski <luto@kernel.org>
1 file changed