Re: [PATCH] bpf: lirc program type should not require SYS_CAP_ADMIN

From: Alexei Starovoitov
Date: Wed Apr 12 2023 - 19:14:29 EST

Next message: Jacob Keller: "Re: [net-next Patch v7 5/6] octeontx2-pf: Add support for HTB offload"
Previous message: Pierre Asselin: "Re: [PATCH] firmware/sysfb: Fix wrong stride when bits-per-pixel is calculated"
In reply to: Sean Young: "[PATCH] bpf: lirc program type should not require SYS_CAP_ADMIN"
Next in thread: Sean Young: "Re: [PATCH] bpf: lirc program type should not require SYS_CAP_ADMIN"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Apr 11, 2023 at 8:45 AM Sean Young <sean@xxxxxxxx> wrote:
>
> Make it possible to load lirc program type with just CAP_BPF.

Is it safe?
If the user can load with just CAP_BPF the FD to the prog and target_fd
will allow attach as well.

> Signed-off-by: Sean Young <sean@xxxxxxxx>
> ---
> kernel/bpf/syscall.c | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
> index adc83cb82f37..19d9265270b3 100644
> --- a/kernel/bpf/syscall.c
> +++ b/kernel/bpf/syscall.c
> @@ -2439,7 +2439,6 @@ static bool is_net_admin_prog_type(enum bpf_prog_type prog_type)
> case BPF_PROG_TYPE_LWT_SEG6LOCAL:
> case BPF_PROG_TYPE_SK_SKB:
> case BPF_PROG_TYPE_SK_MSG:
> - case BPF_PROG_TYPE_LIRC_MODE2:
> case BPF_PROG_TYPE_FLOW_DISSECTOR:
> case BPF_PROG_TYPE_CGROUP_DEVICE:
> case BPF_PROG_TYPE_CGROUP_SOCK:
> --
> 2.39.2
>

Next message: Jacob Keller: "Re: [net-next Patch v7 5/6] octeontx2-pf: Add support for HTB offload"
Previous message: Pierre Asselin: "Re: [PATCH] firmware/sysfb: Fix wrong stride when bits-per-pixel is calculated"
In reply to: Sean Young: "[PATCH] bpf: lirc program type should not require SYS_CAP_ADMIN"
Next in thread: Sean Young: "Re: [PATCH] bpf: lirc program type should not require SYS_CAP_ADMIN"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]