bpf.2: Minor tweaks to Richard Palethorpe's patch

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk 2020-04-17 11:49:30 +02:00
parent 821bf91cf6
commit 35732aa7a0
1 changed files with 6 additions and 4 deletions

@ -1124,10 +1124,13 @@ Prior to Linux 4.4, all
.BR bpf () .BR bpf ()
commands require the caller to have the commands require the caller to have the
.B CAP_SYS_ADMIN .B CAP_SYS_ADMIN
capability. From 4.4 onwards an unprivileged user may create limited capability.
programs of type From Linux 4.4 onwards,
.\" commit 1be7f75d1668d6296b80bf35dcf6762393530afc
an unprivileged user may create limited programs of type
.BR BPF_PROG_TYPE_SOCKET_FILTER .BR BPF_PROG_TYPE_SOCKET_FILTER
and associated maps. However they may not store kernel pointers within and associated maps.
However they may not store kernel pointers within
the maps and are presently limited to the following helper functions: the maps and are presently limited to the following helper functions:
.IP * 3 .IP * 3
get_random get_random
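Review bot: In the sentence "However they may not store kernel pointers within the maps and are presently limited to the following helper functions:", the word "presently" has no kernel version attached, so a reader cannot tell whether the helper list still matches the kernel they run. Since the preceding sentence now says "From Linux 4.4 onwards," I would name the version the list was checked against here as well, and add the comma after "However" while the line is being touched. Because this paragraph describes what unprivileged callers can reach, a stale list is worse than none, so the version anchor matters more than the wording.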
@ -1142,7 +1145,6 @@ ktime_get_ns
.PP .PP
Unprivileged access may be blocked by setting the sysctl Unprivileged access may be blocked by setting the sysctl
.IR /proc/sys/kernel/unprivileged_bpf_disabled . .IR /proc/sys/kernel/unprivileged_bpf_disabled .
.\" commit 1be7f75d1668d6296b80bf35dcf6762393530afc
.PP .PP
eBPF objects (maps and programs) can be shared between processes. eBPF objects (maps and programs) can be shared between processes.
For example, after For example, after
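Review bot: Removing the `.\" commit 1be7f75d1668d6296b80bf35dcf6762393530afc` line after the sysctl sentence leaves the `/proc/sys/kernel/unprivileged_bpf_disabled` paragraph with no source pointer and no version, while the text still only says "may be blocked by setting the sysctl" without saying which value to write. If that commit also introduced the sysctl, I would keep a copy of the comment here, and in any case state the value that disables unprivileged access and the kernel version from which the file exists, since administrators will use this paragraph to lock the interface down.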