The mode of the following procnames are defined as 0644, 0600, 0600 and 0600 respectively in net_core_table[], normal user can not write them, so no need to check CAP_SYS_ADMIN in the related proc_handler function, just remove the checks.
/proc/sys/net/core/bpf_jit_enable
/proc/sys/net/core/bpf_jit_harden
/proc/sys/net/core/bpf_jit_kallsyms
/proc/sys/net/core/bpf_jit_limit
Signed-off-by: Tiezhu Yang <yangtiezhu@xxxxxxxxxxx>
---
 net/core/sysctl_net_core.c | 9 ---------
 1 file changed, 9 deletions(-)
diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
index cf00dd7..059352b 100644
--- a/net/core/sysctl_net_core.c
+++ b/net/core/sysctl_net_core.c
@@ -268,9 +268,6 @@ static int proc_dointvec_minmax_bpf_enable(struct ctl_table *table, int write,
 int ret, jit_enable = *(int *)table->data;
 struct ctl_table tmp = *table;
 
- if (write && !capable(CAP_SYS_ADMIN))
- return -EPERM;
-
 tmp.data = &jit_enable;
 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
 if (write && !ret) {
@@ -291,9 +288,6 @@ static int
 proc_dointvec_minmax_bpf_restricted(struct ctl_table *table, int write,
 void *buffer, size_t *lenp, loff_t *ppos)
 {
- if (!capable(CAP_SYS_ADMIN))
- return -EPERM;
-
 return proc_dointvec_minmax(table, write, buffer, lenp, ppos);
 }
 # endif /* CONFIG_HAVE_EBPF_JIT */
@@ -302,9 +296,6 @@ static int
 proc_dolongvec_minmax_bpf_restricted(struct ctl_table *table, int write,
 void *buffer, size_t *lenp, loff_t *ppos)
 {
- if (!capable(CAP_SYS_ADMIN))
- return -EPERM;
-
 return proc_doulongvec_minmax(table, write, buffer, lenp, ppos);
 }
 #endif
-- 
2.1.0
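Review bot: Dropping `capable(CAP_SYS_ADMIN)` in `proc_dointvec_minmax_bpf_enable` (and in `proc_dointvec_minmax_bpf_restricted` and `proc_dolongvec_minmax_bpf_restricted`, the second and third hunks) replaces a capability check with a file-mode check, and the two are not equivalent: the 0644/0600 modes cited in the description decide on file ownership, so a uid-0 task that has dropped CAP_SYS_ADMIN would now pass. In the two `_bpf_restricted` handlers the removed test was not conditioned on `write`, so it also denied reads of the 0600 entries to such a task, and that restriction goes away as well. The sysctl permission callback for net/core is not visible here; if it grants owner-level access on a weaker capability (CAP_NET_ADMIN, presumably), mode bits alone would widen who can change the JIT hardening settings, which should be confirmed before merging. I would keep the checks and document them instead, e.g. `/* file mode is not enough: uid 0 without CAP_SYS_ADMIN must not change JIT settings */` above each `if`. The body of `proc_dointvec_minmax_bpf_enable` continues past the end of the first hunk.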