David Ahern <dsah...@kernel.org> writes: > Implementation of Daniel's proposal for allowing DEVMAP entries to be > a device index, program id pair. Daniel suggested an fd to specify the > program, but that seems odd to me that you insert the value as an fd, but > read it back as an id since the fd can be closed.
While I can be sympathetic to the argument that it seems odd, every other API uses FD for insert and returns ID, so why make it different here? Also, the choice has privilege implications, since the CAP_BPF series explicitly makes going from ID->FD a more privileged operation than just querying the ID. -Toke
