On 06/25, Alexei Starovoitov wrote: > On 6/25/19 1:51 PM, Stanislav Fomichev wrote: > > On 06/25, Song Liu wrote: > >> Currently, most access to sys_bpf() is limited to root. However, there are > >> use cases that would benefit from non-privileged use of sys_bpf(), e.g. > >> systemd. > >> > >> This set introduces a new model to control the access to sys_bpf(). A > >> special device, /dev/bpf, is introduced to manage access to sys_bpf(). > >> Users with access to open /dev/bpf will be able to access most of > >> sys_bpf() features. The use can get access to sys_bpf() by opening /dev/bpf > >> and use ioctl to get/put permission. > >> > >> The permission to access sys_bpf() is marked by bit TASK_BPF_FLAG_PERMITTED > >> in task_struct. During fork(), child will not inherit this bit. > > 2c: if we are going to have an fd, I'd vote for a proper fd based access > > checks instead of a per-task flag, so we can do: > > ioctl(fd, BPF_MAP_CREATE, uattr, sizeof(uattr)) > > > > (and pass this fd around) > > > > I do understand that it breaks current assumptions that libbpf has, > > but maybe we can extend _xattr variants to accept optinal fd (and try > > to fallback to sysctl if it's absent/not working)? > > both of these ideas were discussed at lsfmm where you were present. > I'm not sure why you're bring it up again? Did we actually settle on anything? In that case feel free to ignore me, maybe I missed that. I remember there were pros/cons for both implementations.
