mirror of https://github.com/mkerrisk/man-pages
bpf.2: Minor tweaks to Richard Palethorpe's patch
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
821bf91cf6
commit
35732aa7a0
10
man2/bpf.2
10
man2/bpf.2
|
@ -1124,10 +1124,13 @@ Prior to Linux 4.4, all
|
|||
.BR bpf ()
|
||||
commands require the caller to have the
|
||||
.B CAP_SYS_ADMIN
|
||||
capability. From 4.4 onwards an unprivileged user may create limited
|
||||
programs of type
|
||||
capability.
|
||||
From Linux 4.4 onwards,
|
||||
.\" commit 1be7f75d1668d6296b80bf35dcf6762393530afc
|
||||
an unprivileged user may create limited programs of type
|
||||
.BR BPF_PROG_TYPE_SOCKET_FILTER
|
||||
and associated maps. However they may not store kernel pointers within
|
||||
and associated maps.
|
||||
However they may not store kernel pointers within
|
||||
the maps and are presently limited to the following helper functions:
|
||||
.IP * 3
|
||||
get_random
|
||||
|
@ -1142,7 +1145,6 @@ ktime_get_ns
|
|||
.PP
|
||||
Unprivileged access may be blocked by setting the sysctl
|
||||
.IR /proc/sys/kernel/unprivileged_bpf_disabled .
|
||||
.\" commit 1be7f75d1668d6296b80bf35dcf6762393530afc
|
||||
.PP
|
||||
eBPF objects (maps and programs) can be shared between processes.
|
||||
For example, after
|
||||
|
|
Loading…
Reference in New Issue