[PATCH bpf-next] bpf: Remove unnecessary CAP_MAC_ADMIN check

Alexei Starovoitov alexei.starovoitov at gmail.com
Thu Mar 5 22:38:59 UTC 2020

On Thu, Mar 05, 2020 at 09:49:55PM +0100, KP Singh wrote:
> From: KP Singh <kpsingh at google.com>
> While well intentioned, checking CAP_MAC_ADMIN for attaching
> BPF_MODIFY_RETURN tracing programs to "security_" functions is not
> necessary as tracing BPF programs already require CAP_SYS_ADMIN.
> Fixes: 6ba43b761c41 ("bpf: Attachment verification for BPF_MODIFY_RETURN")
> Signed-off-by: KP Singh <kpsingh at google.com>

Applied. Thanks

More information about the Linux-security-module-archive mailing list