[Sorry, first reply was to Lennart only...] Thanks. > The relevant mechanisms are implemented via eBPF, which the kernel > restricts to privileged processes, which means --user systemd will > have a hard time. I have been expecting something like that. But this is a restriction of systemd, not the kernel, right? In other words, it is possible for a privileged user to attach BPF to an unprivileged cgroup, say, using bpftool, isn't it? (I could find that out myself, but most likely not the next one:) Assuming that it is possible kernel-wise, what is systemd's take on attaching "non-systemd" BPF to some unprivileged cgroup that it manages? Will it consider that "trampling on its toes"? Jens
Re: Using IPAddressAllow/IPAddressDeny on --userscopes
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: Using IPAddressAllow/IPAddressDeny on --userscopes
- From: "Farblos" <AKFKQU.9DF7RP@xxxxxxxxxxxxxxx>
- Date: Fri, 16 Dec 2022 21:53:59 +0100
- Cc: systemd-devel@xxxxxxxxxxxxxxxxxxxxx
- Prev by Date: Re: Using IPAddressAllow/IPAddressDeny on --user scopes
- Next by Date: Why doesn't systemd-networkd like my DHCP server?
- Previous by thread: Trying to understand change in PCR 4 extension behavior
- Next by thread: Why doesn't systemd-networkd like my DHCP server?
- Index(es):
 |