[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190829172852.xhxtd6ruwdnhvvdt@ast-mbp.dhcp.thefacebook.com>
Date: Thu, 29 Aug 2019 10:28:54 -0700
From: Alexei Starovoitov <alexei.starovoitov@...il.com>
To: Song Liu <songliubraving@...com>
Cc: Alexei Starovoitov <ast@...nel.org>,
Andy Lutomirski <luto@...capital.net>,
"davem@...emloft.net" <davem@...emloft.net>,
"peterz@...radead.org" <peterz@...radead.org>,
"rostedt@...dmis.org" <rostedt@...dmis.org>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"bpf@...r.kernel.org" <bpf@...r.kernel.org>,
Kernel Team <Kernel-team@...com>,
"linux-api@...r.kernel.org" <linux-api@...r.kernel.org>
Subject: Re: [PATCH v2 bpf-next 2/3] bpf: implement CAP_BPF
On Thu, Aug 29, 2019 at 06:04:42AM +0000, Song Liu wrote:
>
>
> > On Aug 28, 2019, at 10:12 PM, Alexei Starovoitov <ast@...nel.org> wrote:
> >
>
> [...]
>
> > diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c
> > index 44e2d640b088..91a7f25512ca 100644
> > --- a/tools/testing/selftests/bpf/test_verifier.c
> > +++ b/tools/testing/selftests/bpf/test_verifier.c
> > @@ -805,10 +805,20 @@ static void do_test_fixup(struct bpf_test *test, enum bpf_prog_type prog_type,
> > }
> > }
> >
> > +struct libcap {
> > + struct __user_cap_header_struct hdr;
> > + struct __user_cap_data_struct data[2];
> > +};
> > +
>
> I am confused by struct libcap. Why do we need it?
because libcap is not compatible with new kernel.
It needs to be recompiled with new capability.h
Otherwise it limits max to CAP_AUDIT_READ
Any value higher it will error during cap_get_flag.
And will silently ignore it during cap_set_flag.
Not a great library decision.
Thankfully this struct above is exactly the kernel api.
One doesn't really need libcap. It's imo easier to do without it.
Powered by blists - more mailing lists