Re: [PATCH bpf-next] bpftool: bash-completion: Add nopasswd sudo prefix for bpftool

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On 2/12/25 19:00, Quentin Monnet wrote:

2025-02-12 18:14 UTC+0800 ~ Rong Tao <rtoax@xxxxxxxxxxx>

From: Rong Tao <rongtao@xxxxxxxx>

In the bpftool script of bash-completion, many bpftool commands require
superuser privileges to execute. Otherwise, Operation not permission will
be displayed. Here, we check whether ordinary users are exempt from
entering the sudo password. If so, we need to add the sudo prefix to the
bpftool command to be executed. In this way, we can obtain the correct
command completion content instead of the wrong one.

For example, when updating array_of_maps, the wrong 'hex' is completed:

     $ sudo bpftool map update name arr_maps key 0 0 0 0 value [tab]
     $ sudo bpftool map update name arr_maps key 0 0 0 0 value hex

However, what we need is "id name pinned". Similarly, there is the same
problem in getting the map 'name' and 'id':

     $ sudo bpftool map show name [tab] < get nothing
     $ sudo bpftool map show id [tab]   < get nothing

This commit fixes the issue.

     $ sudo bpftool map update name arr_maps key 0 0 0 0 value [tab]
     id      name    pinned

     $ sudo bpftool map show name
     arr_maps         cgroup_hash      inner_arr1       inner_arr2

     $ sudo bpftool map show id
     11    1383  4091  4096

Signed-off-by: Rong Tao <rongtao@xxxxxxxx>

Hi, thanks for the patch.

I agree it's annoying to have a partially-working completion for
non-root users, however, I don't feel very comfortable introducing calls
to "sudo" in bash completion, without the user noticing. For what it's
worth, I searched other bash completion files (from
https://github.com/scop/bash-completion/) and I can't find any of them
running sudo to help complete commands, so it doesn't seem to be
something usual in completion. I think I'd rather keep the current state
(or fix the first example to have the right keywords displayed but
without running sudo).


Thanks for the reply.
Using sudo to perform bash-completion is indeed not a perfect solution. However, using "bpftool map show" to obtain map information may be the only way, and this operation requires CAP_ADMIN, which may be a compromise. There is no other way. 

Rong Tao
[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux