Re: [PATCH net-next v2 2/2] bpf: Remove the capability check for cgroup skb eBPF program

2017-06-07 Thread Daniel Borkmann
On 06/07/2017 12:44 AM, Chenbo Feng wrote: On 06/06/2017 09:56 AM, Daniel Borkmann wrote: On 06/02/2017 01:42 AM, Alexei Starovoitov wrote: On Wed, May 31, 2017 at 06:16:00PM -0700, Chenbo Feng wrote: From: Chenbo Feng Currently loading a cgroup skb eBPF program requires a CAP_SYS_ADMIN capab

Re: [PATCH net-next v2 2/2] bpf: Remove the capability check for cgroup skb eBPF program

2017-06-06 Thread Chenbo Feng
On 06/06/2017 09:56 AM, Daniel Borkmann wrote: On 06/02/2017 01:42 AM, Alexei Starovoitov wrote: On Wed, May 31, 2017 at 06:16:00PM -0700, Chenbo Feng wrote: From: Chenbo Feng Currently loading a cgroup skb eBPF program requires a CAP_SYS_ADMIN capability while attaching the program to a cgro

Re: [PATCH net-next v2 2/2] bpf: Remove the capability check for cgroup skb eBPF program

2017-06-06 Thread Daniel Borkmann
On 06/02/2017 01:42 AM, Alexei Starovoitov wrote: On Wed, May 31, 2017 at 06:16:00PM -0700, Chenbo Feng wrote: From: Chenbo Feng Currently loading a cgroup skb eBPF program requires a CAP_SYS_ADMIN capability while attaching the program to a cgroup only requires the user to have CAP_NET_ADMIN priv

Re: [PATCH net-next v2 2/2] bpf: Remove the capability check for cgroup skb eBPF program

2017-06-02 Thread David Miller
From: Chenbo Feng Date: Wed, 31 May 2017 18:16:00 -0700 > From: Chenbo Feng > > Currently loading a cgroup skb eBPF program requires a CAP_SYS_ADMIN > capability while attaching the program to a cgroup only requires the > user to have CAP_NET_ADMIN privilege. We can escape the capability > check wh

Re: [PATCH net-next v2 2/2] bpf: Remove the capability check for cgroup skb eBPF program

2017-06-01 Thread Alexei Starovoitov
On Thu, Jun 01, 2017 at 06:55:09PM -0700, Chenbo Feng wrote: > On Thu, Jun 1, 2017 at 4:42 PM, Alexei Starovoitov < > alexei.starovoi...@gmail.com> wrote: > > > On Wed, May 31, 2017 at 06:16:00PM -0700, Chenbo Feng wrote: > > > From: Chenbo Feng > > > > > > Currently loading a cgroup skb eBPF pro

Re: [PATCH net-next v2 2/2] bpf: Remove the capability check for cgroup skb eBPF program

2017-06-01 Thread Alexei Starovoitov
On Wed, May 31, 2017 at 06:16:00PM -0700, Chenbo Feng wrote: > From: Chenbo Feng > > Currently loading a cgroup skb eBPF program requires a CAP_SYS_ADMIN > capability while attaching the program to a cgroup only requires the > user to have CAP_NET_ADMIN privilege. We can escape the capability > check

[PATCH net-next v2 2/2] bpf: Remove the capability check for cgroup skb eBPF program

2017-05-31 Thread Chenbo Feng
From: Chenbo Feng Currently loading a cgroup skb eBPF program requires a CAP_SYS_ADMIN capability while attaching the program to a cgroup only requires the user to have CAP_NET_ADMIN privilege. We can escape the capability check when loading the program just like a socket filter program to make the capabi