[PATCH bpf-next] bpf: use bpf_capable() instead of CAP_SYS_ADMIN for blinding decision
patchwork-bot+netdevbpf at kernel.org
patchwork-bot+netdevbpf at kernel.org
Fri Sep 16 20:20:15 UTC 2022
Hello:
This patch was applied to bpf/bpf-next.git (master)
by Daniel Borkmann <daniel at iogearbox.net>:
On Mon, 5 Sep 2022 12:01:49 +0300 you wrote:
> The full CAP_SYS_ADMIN requirement for blining looks too strict
> nowadays. These days given unpriv eBPF is disabled by default, the
> main users for constant blinding coming from unpriv in particular
> via cBPF -> eBPF migration (e.g. old-style socket filters).
>
> Discussion: https://lore.kernel.org/bpf/20220831090655.156434-1-ykaliuta@redhat.com/
>
> [...]
Here is the summary with links:
- [bpf-next] bpf: use bpf_capable() instead of CAP_SYS_ADMIN for blinding decision
https://git.kernel.org/bpf/bpf-next/c/bfeb7e399bac
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
More information about the Linux-security-module-archive
mailing list