US 12,481,520 B2
Dynamic control of eBPF program execution in an operating system kernel
Xiaojing Liu, Beijing (CN); Qi Feng Huo, Beijing (CN); Qi Li, Beijing (CN); Yong Quan Tian, Beijing (CN); and Xiao Ling Chen, Beijing (CN)
Assigned to International Business Machines Corporation, Armonk, NY (US)
Filed by International Business Machines Corporation, Armonk, NY (US)
Filed on Mar. 17, 2023, as Appl. No. 18/185,463.
Prior Publication US 2024/0311172 A1, Sep. 19, 2024
Int. Cl. H04L 9/40 (2022.01); G06F 9/455 (2018.01)
CPC G06F 9/45558 (2013.01) [H04L 63/0227 (2013.01); G06F 2009/45595 (2013.01)] 20 Claims
1. A computer-implemented method for managing execution of extended Berkeley Packet Filter (eBPF) program capabilities, the computer-implemented method comprising:
performing, by a computer, a comparison of a currently in use helper-identifier (helper-id) list of an eBPF program with an allowable helper-id list of the eBPF program;
determining, by the computer, whether a set of unallowable helper-ids of the eBPF program exists that is included in the currently in use helper-id list of the eBPF program but not included in the allowable helper-id list of the eBPF program based on the comparison;
generating, by the computer, a blocked helper-id list of the eBPF program that includes the set of unallowable helper-ids of the eBPF program and a corresponding unallowable capability of each respective unallowable helper-id in response to the computer determining that the set of unallowable helper-ids of the eBPF program does exist; and
removing, by the computer, the set of unallowable helper-ids and the corresponding unallowable capability of each respective unallowable helper-id from bytecode of the eBPF program in order to have only allowable helper-ids remain in the bytecode along with corresponding allowable capabilities of the eBPF program.
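The procedure the claim describes (collect helper-ids in use, compare against an allow-list, build the blocked list with each helper's capability, strip the disallowed calls) as an added illustration in Python; this is not the patent's implementation. It assumes the standard 8-byte `struct bpf_insn` layout where a helper call is `BPF_CALL` (0x85) with `src_reg == 0` and the helper-id in `imm`; the capability labels are constructed, and "removing from bytecode" is realised here by overwriting the call with a `ja +0` no-op so later jump offsets stay valid, which is one possible approach rather than the patent's stated mechanism.

```python
import struct

# eBPF instruction: opcode u8, dst_reg:4 | src_reg:4 u8, off s16, imm s32 (little-endian)
INSN = struct.Struct("<BBhi")
BPF_CALL = 0x85   # BPF_JMP | BPF_CALL: helper call when src_reg == 0, helper-id in imm
BPF_JA = 0x05     # BPF_JMP | BPF_JA: "ja +0" is used as the no-op replacement (assumption)
BPF_MOV64_K = 0xb7
BPF_EXIT = 0x95

# Constructed helper-id -> capability table (ids from enum bpf_func_id; labels are ours)
HELPER_CAPABILITY = {
    1: "map lookup", 2: "map update", 4: "kernel memory read (bpf_probe_read)",
    6: "trace_printk output", 14: "current pid/tgid", 16: "current comm",
}

def insn(op, dst=0, src=0, off=0, imm=0):
    """Assemble one instruction; used only to build the constructed sample program."""
    return INSN.pack(op, (src << 4) | dst, off, imm)

def in_use_helper_ids(bytecode):
    """The 'currently in use helper-id list': every helper-id called by the program."""
    ids = []
    for pos in range(0, len(bytecode), INSN.size):
        op, regs, _off, imm = INSN.unpack_from(bytecode, pos)
        if op == BPF_CALL and (regs >> 4) == 0:
            ids.append(imm)
    return ids

def blocked_helper_list(bytecode, allowed):
    """Helper-ids in use but not in the allow-list, each with its capability."""
    return {hid: HELPER_CAPABILITY.get(hid, "unknown")
            for hid in in_use_helper_ids(bytecode) if hid not in allowed}

def strip_blocked_helpers(bytecode, allowed):
    """Overwrite each disallowed helper call with 'ja +0'; program length is unchanged."""
    out = bytearray(bytecode)
    for pos in range(0, len(out), INSN.size):
        op, regs, _off, imm = INSN.unpack_from(out, pos)
        if op == BPF_CALL and (regs >> 4) == 0 and imm not in allowed:
            INSN.pack_into(out, pos, BPF_JA, 0, 0, 0)
    return bytes(out)

# Constructed sample program: three helper calls, then "mov r0, 0; exit".
SAMPLE_PROG = (insn(BPF_CALL, imm=14) + insn(BPF_CALL, imm=4) +
               insn(BPF_CALL, imm=6) + insn(BPF_MOV64_K) + insn(BPF_EXIT))
ALLOWED = {1, 14}   # allowable helper-id list for this program (constructed)

if __name__ == "__main__":
    print("blocked:", blocked_helper_list(SAMPLE_PROG, ALLOWED))
    print("remaining:", in_use_helper_ids(strip_blocked_helpers(SAMPLE_PROG, ALLOWED)))
```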