qiurui
/
Centos-kernel-stream-9
mirror of https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Centos-kernel-stream-9/kernel/bpf
History
Chenbo Feng 80b7d81912 bpf: Remove the capability check for cgroup skb eBPF program 
Currently loading a cgroup skb eBPF program require a CAP_SYS_ADMIN
capability while attaching the program to a cgroup only requires the
user have CAP_NET_ADMIN privilege. We can escape the capability
check when load the program just like socket filter program to make
the capability requirement consistent.

Change since v1:
Change the code style in order to be compliant with checkpatch.pl
preference

Signed-off-by: Chenbo Feng <fengc@google.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2017-06-02 14:24:40 -04:00
..
Makefile
arraymap.c bpf: fix wrong exposure of map_flags into fdinfo for lpm 2017-05-25 13:44:28 -04:00
bpf_lru_list.c
bpf_lru_list.h
cgroup.c
core.c bpf: use different interpreter depending on required stack size 2017-05-31 19:29:48 -04:00
hashtab.c bpf: map_get_next_key to return first key on NULL 2017-04-25 11:57:45 -04:00
helpers.c
inode.c fs: constify tree_descr arrays passed to simple_fill_super() 2017-04-26 23:54:06 -04:00
lpm_trie.c bpf: fix wrong exposure of map_flags into fdinfo for lpm 2017-05-25 13:44:28 -04:00
map_in_map.c
map_in_map.h
percpu_freelist.c
percpu_freelist.h
stackmap.c bpf: fix wrong exposure of map_flags into fdinfo for lpm 2017-05-25 13:44:28 -04:00
syscall.c bpf: Remove the capability check for cgroup skb eBPF program 2017-06-02 14:24:40 -04:00
verifier.c bpf: Allow CGROUP_SKB eBPF program to access sk_buff 2017-06-02 14:24:40 -04:00