Reposting since apparently my reply only went to Lorenz.

On Wed, Jun 23, 2021 at 1:45 AM Lorenz Bauer <lmb@xxxxxxxxxxxxxx> wrote:
>
> On Fri, 18 Jun 2021 at 11:55, Maciej Żenczykowski
> <zenczykowski@xxxxxxxxx> wrote:
> >
> > From: Maciej Żenczykowski <maze@xxxxxxxxxx>
> >
> > This reverts commit d37300ed182131f1757895a62e556332857417e5.
> >
> > This breaks Android userspace which expects to be able to
> > fetch programs with just read permissions.
> >
> > See: https://cs.android.com/android/platform/superproject/+/master:frameworks/libs/net/common/native/bpf_syscall_wrappers/include/BpfSyscallWrappers.h;drc=7005c764be23d31fa1d69e826b4a2f6689a8c81e;l=124
>
> As a follow up, what does Android expect to be able to do with this
> read only FD?

I'm not actually sure of all the use cases, but at a bare minimum:
We use it for iptables xt_bpf, and to attach to cgroup net hooks and
tc bpf hooks.
There's also some still incomplete support for xdp.

There's also non-networking stuff like gpu memory tracking and
tracepoints that I know very little about - probably something perf
related.

So I think the answer is that mostly we expect to be able to attach it
to places (iptables/cgroup/tc/xdp/....others...??)