| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 26 Mar 2020 14:59:59 +0100
From: Pablo Neira Ayuso <pablo@...filter.org>
To: Maciej Żenczykowski <zenczykowski@...il.com>
Cc: Maciej Żenczykowski <maze@...gle.com>,
Florian Westphal <fw@...len.de>,
Linux Network Development Mailing List
<netdev@...r.kernel.org>, netfilter-devel@...r.kernel.org,
Chenbo Feng <fengc@...gle.com>,
Alexei Starovoitov <ast@...nel.org>,
Willem de Bruijn <willemb@...gle.com>
Subject: Re: [PATCH] iptables: open eBPF programs in read only mode
On Thu, Mar 19, 2020 at 08:00:15PM -0700, Maciej Żenczykowski wrote:
> From: Maciej Żenczykowski <maze@...gle.com>
>
> Adjust the mode eBPF programs are opened in so 0400 pinned bpf programs
> work without requiring CAP_DAC_OVERRIDE.
Unfortunately this is breaking stuff:
libxt_bpf.c: In function ‘bpf_obj_get_readonly’:
libxt_bpf.c:70:6: error: ‘union bpf_attr’ has no member named ‘file_flags’
70 | attr.file_flags = BPF_F_RDONLY;
| ^
libxt_bpf.c:70:20: error: ‘BPF_F_RDONLY’ undeclared (first use in this function)
70 | attr.file_flags = BPF_F_RDONLY;
| ^~~~~~~~~~~~
Powered by blists - more mailing lists