Hello:
This series was applied to bpf/bpf-next.git (master)
by Andrii Nakryiko <andrii@xxxxxxxxxx>:
On Mon, 17 Mar 2025 17:40:35 +0000 you wrote:
> From: Mykyta Yatsenko <yatsenko@xxxxxxxx>
>
> Freplace programs can't be loaded from user namespace, as
> bpf_program__set_attach_target() requires searching for target prog BTF,
> which is locked under CAP_SYS_ADMIN.
> This patch set enables this use case by:
> 1. Relaxing capable check in bpf's BPF_BTF_GET_FD_BY_ID, check for CAP_BPF
> instead of CAP_SYS_ADMIN, support BPF token in attr argument.
> 2. Pass BPF token around libbpf from bpf_program__set_attach_target() to
> bpf syscall where capable check is.
> 3. Validate positive/negative scenarios in selftests
>
> [...]
Here is the summary with links:
- [bpf-next,v6,1/4] bpf: BPF token support for BPF_BTF_GET_FD_BY_ID
https://git.kernel.org/bpf/bpf-next/c/0de445d18e36
- [bpf-next,v6,2/4] bpf: return prog btf_id without capable check
https://git.kernel.org/bpf/bpf-next/c/07651ccda9ff
- [bpf-next,v6,3/4] libbpf: pass BPF token from find_prog_btf_id to BPF_BTF_GET_FD_BY_ID
https://git.kernel.org/bpf/bpf-next/c/974ef9f0d23e
- [bpf-next,v6,4/4] selftests/bpf: test freplace from user namespace
https://git.kernel.org/bpf/bpf-next/c/a024843d92cc
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
