subject:"\[PATCH bpf\] bpf\: relax inode permission check for retrieving bpf program"

Re: [PATCH bpf] bpf: relax inode permission check for retrieving bpf program

2019-05-16 Thread Chenbo Feng

On 5/16/19 11:35 AM, Alexei Starovoitov wrote: On Tue, May 14, 2019 at 7:43 PM Chenbo Feng wrote: For iptable module to load a bpf program from a pinned location, it only retrieve a loaded program and cannot change the program content so requiring a write permission for it might not be necess

Re: [PATCH bpf] bpf: relax inode permission check for retrieving bpf program

2019-05-16 Thread Alexei Starovoitov

On Tue, May 14, 2019 at 7:43 PM Chenbo Feng wrote: > > For iptable module to load a bpf program from a pinned location, it > only retrieve a loaded program and cannot change the program content so > requiring a write permission for it might not be necessary. > Also when adding or removing an unrel

[PATCH bpf] bpf: relax inode permission check for retrieving bpf program

2019-05-14 Thread Chenbo Feng

For iptable module to load a bpf program from a pinned location, it only retrieve a loaded program and cannot change the program content so requiring a write permission for it might not be necessary. Also when adding or removing an unrelated iptable rule, it might need to flush and reload the xt_bp