On 4/29/20 4:45 PM, Quentin Monnet wrote:
This set allows unprivileged users to probe available features with bpftool. On Daniel's suggestion, the "unprivileged" keyword must be passed on the command line to avoid accidentally dumping a subset of the features supported by the system. When used by root, this keyword makes bpftool drop the CAP_SYS_ADMIN capability and print the features available to unprivileged users only. The first patch makes a variable global in feature.c to avoid piping too many booleans through the different functions. The second patch introduces the unprivileged probing, adding a dependency to libcap. Then the third patch makes this dependency optional, by restoring the initial behaviour (root only can probe features) if the library is not available. Cc: Richard Palethorpe <rpalethorpe@xxxxxxxx> Cc: Michael Kerrisk <mtk.manpages@xxxxxxxxx> v3: Update help message for bpftool feature probe ("unprivileged"). v2: Add "unprivileged" keyword, libcap check (patches 1 and 3 are new). Quentin Monnet (3): tools: bpftool: for "feature probe" define "full_mode" bool as global tools: bpftool: allow unprivileged users to probe features tools: bpftool: make libcap dependency optional .../bpftool/Documentation/bpftool-feature.rst | 12 +- tools/bpf/bpftool/Makefile | 13 +- tools/bpf/bpftool/bash-completion/bpftool | 2 +- tools/bpf/bpftool/feature.c | 143 +++++++++++++++--- 4 files changed, 143 insertions(+), 27 deletions(-)
Applied, thanks!