On Thu, Aug 29, 2019 at 09:44:18AM +0200, Toke Høiland-Jørgensen wrote: > Alexei Starovoitov <ast@xxxxxxxxxx> writes: > > > CAP_BPF allows the following BPF operations: > > - Loading all types of BPF programs > > - Creating all types of BPF maps except: > > - stackmap that needs CAP_TRACING > > - devmap that needs CAP_NET_ADMIN > > - cpumap that needs CAP_SYS_ADMIN > > Why CAP_SYS_ADMIN instead of CAP_NET_ADMIN for cpumap? Currently it's cap_sys_admin and I think it should stay this way because it creates kthreads.
