[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAH3MdRUTcd7rjum12HBtrQ_nmyx0LvdOokZmA1YuhP2WtGfJqA@mail.gmail.com>
Date: Wed, 18 Dec 2019 23:19:14 -0800
From: Y Song <ys114321@...il.com>
To: Edwin Peer <epeer@...iper.net>
Cc: "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"ast@...nel.org" <ast@...nel.org>,
"daniel@...earbox.net" <daniel@...earbox.net>,
bpf <bpf@...r.kernel.org>
Subject: Re: [RFC PATCH bpf-next 0/2] unprivileged BPF_PROG_TEST_RUN
Added cc to bpf@...r.kernel.org.
For bpf related patches, please cc bpf@...r.kernel.org which is major
place for bpf discussions.
On Wed, Dec 18, 2019 at 6:16 PM Edwin Peer <epeer@...iper.net> wrote:
>
> Being able to load, verify and test BPF programs in unprivileged
> build environments is desirable. The two phase load and then
> test API makes this goal difficult to achieve, since relaxing
> permissions for BPF_PROG_TEST_RUN alone would be insufficient.
>
> The approach taken in this proposal defers CAP_SYS_ADMIN checks
> until program attach time in order to unencumber BPF_PROG_LOAD.
I like the idea to *test* bpf program in unprivileged mode as sudo always
has some risk to break the development server.
Have you tried your patch with some bpf programs? verifier and jit put some
restrictions on unpriv programs. To truely test the program, most if
not all these
restrictions should be lifted, so the same tested program should be able to
run on production server and vice verse.
>
> Edwin Peer (2):
> bpf: defer capability checks until program attach
> bpf: relax CAP_SYS_ADMIN requirement for BPF_PROG_TEST_RUN
>
> include/linux/filter.h | 3 ++-
> kernel/bpf/syscall.c | 27 +++++++++++++++++----------
> 2 files changed, 19 insertions(+), 11 deletions(-)
>
> --
> 2.24.1
Powered by blists - more mailing lists