libbpf: Skip modules BTF loading when CAP_SYS_ADMIN is missing - kernel

diff options

author	Andrea Terzolo <[email protected]>	2023-06-26 09:36:14 +0000
committer	Andrii Nakryiko <[email protected]>	2023-06-30 19:27:16 +0000
commit	2d2c95162de8fc6875c9c3d39f83527ae28e2e8a (patch)
tree	3854001902f1bdeb613e907c098bfbb30179af3b /tools/lib/bpf/bpf.c
parent	selftests/bpf: Verify that the cgroup_skb filters receive expected packets. (diff)
download	kernel-2d2c95162de8fc6875c9c3d39f83527ae28e2e8a.tar.gz kernel-2d2c95162de8fc6875c9c3d39f83527ae28e2e8a.zip

libbpf: Skip modules BTF loading when CAP_SYS_ADMIN is missing

If during CO-RE relocations libbpf is not able to find the target type in the running kernel BTF, it searches for it in modules' BTF. The downside of this approach is that loading modules' BTF requires CAP_SYS_ADMIN and this prevents BPF applications from running with more granular capabilities (e.g. CAP_BPF) when they don't need to search types into modules' BTF. This patch skips by default modules' BTF loading phase when CAP_SYS_ADMIN is missing. Suggested-by: Andrii Nakryiko <[email protected]> Co-developed-by: Federico Di Pierro <[email protected]> Signed-off-by: Federico Di Pierro <[email protected]> Signed-off-by: Andrea Terzolo <[email protected]> Signed-off-by: Andrii Nakryiko <[email protected]> Link: https://lore.kernel.org/CAGQdkDvYU_e=_NX+6DRkL_-TeH3p+QtsdZwHkmH0w3Fuzw0C4w@mail.gmail.com Link: https://lore.kernel.org/bpf/[email protected]

Diffstat (limited to 'tools/lib/bpf/bpf.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: