capable_bpf_net_admin()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: capable_bpf_net_admin()
From: Maciej Żenczykowski <zenczykowski@xxxxxxxxx>
Date: Wed, 17 Jun 2020 23:43:10 -0700

is
(SYS_ADMIN || BPF) && NET_ADMIN

should this not be
SYS_ADMIN || (BPF && NET_ADMIN)

?

Won't this cause a just SYS_ADMIN process to fail to load network bpf progs?

(I haven't debugged this at all, but John is reporting 5.8-rc1 fails
to load bpf progs from Android's bpfloader with EPERM error)

Or are we okay with this user space visible behavioural change?

Follow-Ups:
- Re: capable_bpf_net_admin()
  - From: Alexei Starovoitov

Prev by Date: Re: [PATCH bpf-next 11/13] tools/bpf: selftests: implement sample tcp/tcp6 bpf_iter programs
Next by Date: RE: [PATCH bpf-next 1/2] bpf: switch most helper return values from 32-bit int to 64-bit long
Previous by thread: [PATCH AUTOSEL 5.7 104/388] bpf, sockhash: Fix memory leak when unlinking sockets in sock_hash_free
Next by thread: Re: capable_bpf_net_admin()
Index(es):
- Date
- Thread

[Index of Archives] [Linux Samsung SoC] [Linux Rockchip SoC] [Linux Actions SoC] [Linux for Synopsys ARC Processors] [Linux NFS] [Linux NILFS] [Linux USB Devel] [Video for Linux] [Linux Audio Users] [Yosemite News] [Linux Kernel] [Linux SCSI]

Powered by Linux