On Mon, 2019-06-03 at 19:12 +0200, Nicolas Dichtel wrote: > It makes sense to me. > Do you plan to submit it formally? > > Looking a bit more at this topic, I see that most part of the bpf > code uses > capable(CAP_NET_ADMIN). I don't see why we cannot use > ns_capable(CAP_NET_ADMIN). If there is a change for this to get accepted, sure, I'm willing to submit this formally (need some advice, though). As for capable vs. ns_capable, this is a bit above my knowledge of kernel internals. Regards, Andreas
