Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
bpf-firewall: attach with BPF_F_ALLOW_MULTI if kernel supports
Reduced version of [0]. Use BPF_F_ALLOW_MULTI attach flag for bpf-firewall if kernel supports it. Aside from addressing security issue in [0] attaching with 'multi' allows further attaching of cgroup egress, ingress hooks specified by BPFProgram=. [0] systemd/systemd@4e42210 (cherry picked from commit a442ccb) (cherry picked from commit 0af3810) (cherry picked from commit baff489)
- Loading branch information