leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
80b7d81912
linux/kernel/bpf
History
Chenbo Feng 80b7d81912 bpf: Remove the capability check for cgroup skb eBPF program 
Currently loading a cgroup skb eBPF program require a CAP_SYS_ADMIN
capability while attaching the program to a cgroup only requires the
user have CAP_NET_ADMIN privilege. We can escape the capability
check when load the program just like socket filter program to make
the capability requirement consistent.

Change since v1:
Change the code style in order to be compliant with checkpatch.pl
preference

Signed-off-by: Chenbo Feng <fengc@google.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-06-02 14:24:40 -04:00
..
arraymap.c bpf: fix wrong exposure of map_flags into fdinfo for lpm 2017-05-25 13:44:28 -04:00
bpf_lru_list.c bpf: lru: Lower the PERCPU_NR_SCANS from 16 to 4 2017-04-17 13:55:52 -04:00
bpf_lru_list.h bpf: Add percpu LRU list 2016-11-15 11:50:20 -05:00
cgroup.c bpf: pass sk to helper functions 2017-04-11 14:54:19 -04:00
core.c bpf: use different interpreter depending on required stack size 2017-05-31 19:29:48 -04:00
hashtab.c bpf: map_get_next_key to return first key on NULL 2017-04-25 11:57:45 -04:00
helpers.c bpf: rename ARG_PTR_TO_STACK 2017-01-09 16:56:27 -05:00
inode.c fs: constify tree_descr arrays passed to simple_fill_super() 2017-04-26 23:54:06 -04:00
lpm_trie.c bpf: fix wrong exposure of map_flags into fdinfo for lpm 2017-05-25 13:44:28 -04:00
Makefile bpf: Add array of maps support 2017-03-22 15:45:45 -07:00
map_in_map.c bpf: Add array of maps support 2017-03-22 15:45:45 -07:00
map_in_map.h bpf: Add array of maps support 2017-03-22 15:45:45 -07:00
percpu_freelist.c bpf: introduce percpu_freelist 2016-03-08 15:28:31 -05:00
percpu_freelist.h bpf: introduce percpu_freelist 2016-03-08 15:28:31 -05:00
stackmap.c bpf: fix wrong exposure of map_flags into fdinfo for lpm 2017-05-25 13:44:28 -04:00
syscall.c bpf: Remove the capability check for cgroup skb eBPF program 2017-06-02 14:24:40 -04:00
verifier.c bpf: Allow CGROUP_SKB eBPF program to access sk_buff 2017-06-02 14:24:40 -04:00