On Thu, Dec 19, 2019 at 02:50:42PM +0000, Edwin Peer wrote:
> On 12/18/19, 23:19, "Y Song" <ys114321@xxxxxxxxx> wrote:
>
> > Added cc to bpf@xxxxxxxxxxxxxxx.
>
> Thank you, I will remember to do this next time.
>
> > Have you tried your patch with some bpf programs? verifier and jit put some
> > restrictions on unpriv programs. To truly test the program, most if not all these
> > restrictions should be lifted, so the same tested program should be able to
> > run on production server and vice versa.
>
> Agreed, I am aware of some of these differences in the load/verifier behavior with and without
> CAP_SYS_ADMIN. In particular, without CAP_SYS_ADMIN programs are still restricted to 4k, some
> helpers are not available (spin locks, trace printk) and there are some differences in context
> access checks.
>
> I think these can be addressed incrementally, assuming folk are on board with this approach in general?

What about CAP_BPF? IIRC, there are also other issues e.g. you could abuse the test
interface as a packet generator (bpf_clone_redirect) which is not something fully
unpriv should be doing.

Thanks,
Daniel