On Fri, Apr 24, 2020 at 4:40 AM Toke Høiland-Jørgensen <toke@xxxxxxxxxx> wrote:
>
> Andrii Nakryiko <andriin@xxxxxx> writes:
>
> > This patch series adds various observability APIs to bpf_link:
> >   - each bpf_link now gets ID, similar to bpf_map and bpf_prog, by which
> >     user-space can iterate over all existing bpf_links and create limited FD
> >     from ID;
> >   - allows to get extra object information with bpf_link general and
> >     type-specific information;
> >   - implements `bpf link show` command which lists all active bpf_links in the
> >     system;
> >   - implements `bpf link pin` allowing to pin bpf_link by ID or from other
> >     pinned path.
> >
> > rfc->v1:
> >   - dropped read-only bpf_links (Alexei);
>
> Just to make sure I understand this right: With this change, the
> GET_FD_BY_ID operation will always return a r/w bpf_link fd that can
> subsequently be used to detach the link? And you're doing the 'access
> limiting' by just requiring CAP_SYS_ADMIN for the whole thing. Right? :)

Right.

>
> -Toke
>