Andrii Nakryiko <andrii.nakryiko@xxxxxxxxx> writes:

> On Fri, Apr 24, 2020 at 4:40 AM Toke Høiland-Jørgensen <toke@xxxxxxxxxx> wrote:
>>
>> Andrii Nakryiko <andriin@xxxxxx> writes:
>>
>> > This patch series adds various observability APIs to bpf_link:
>> > - each bpf_link now gets ID, similar to bpf_map and bpf_prog, by which
>> >   user-space can iterate over all existing bpf_links and create limited FD
>> >   from ID;
>> > - allows to get extra object information with bpf_link general and
>> >   type-specific information;
>> > - implements `bpf link show` command which lists all active bpf_links in the
>> >   system;
>> > - implements `bpf link pin` allowing to pin bpf_link by ID or from other
>> >   pinned path.
>> >
>> > rfc->v1:
>> > - dropped read-only bpf_links (Alexei);
>>
>> Just to make sure I understand this right: With this change, the
>> GET_FD_BY_ID operation will always return a r/w bpf_link fd that can
>> subsequently be used to detach the link? And you're doing the 'access
>> limiting' by just requiring CAP_SYS_ADMIN for the whole thing. Right? :)
>
> Right.

Great! SGTM; thanks for confirming :)

-Toke