Other than the mknod() patch, this is not ready for prime time.

These patches try to make progress toward making bpf() more useful
without privilege.

Andy Lutomirski (4):
  bpf: Respect persistent map and prog access modes
  bpf: Don't require mknod() permission to pin an object
  bpf: Add a way to mark functions as requiring privilege
  bpf: Allow creating all program types without privilege

 include/linux/bpf.h          | 30 +++++++++++++++-----
 include/linux/bpf_verifier.h |  1 +
 kernel/bpf/arraymap.c        |  8 +++++-
 kernel/bpf/cgroup.c          |  6 +++-
 kernel/bpf/inode.c           | 29 +++++++++++--------
 kernel/bpf/syscall.c         | 54 +++++++++++++++++++++++++-----------
 kernel/bpf/verifier.c        |  8 ++++++
 kernel/events/core.c         |  5 ++--
 kernel/trace/bpf_trace.c     |  1 +
 net/core/dev.c               |  4 ++-
 net/core/filter.c            |  8 ++++--
 net/netfilter/xt_bpf.c       |  5 ++--
 net/packet/af_packet.c       |  2 +-
 13 files changed, 115 insertions(+), 46 deletions(-)

--
2.21.0