mirror of https://github.com/mkerrisk/man-pages
bpf.2: srcfix: Add a note on check for unprivileged BPF_PROG_TYPE_SOCKET_FILTER programs
In Linux 4.4, the allowed BPF helper functions that could be called was governed by a check in sk_filter_func_proto(). Nowadays (Linux 5.6), it is I think governed by the check in sk_filter_func_proto(). Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
35732aa7a0
commit
f7d706ba9b
|
@ -1132,6 +1132,8 @@ an unprivileged user may create limited programs of type
|
|||
and associated maps.
|
||||
However they may not store kernel pointers within
|
||||
the maps and are presently limited to the following helper functions:
|
||||
.\" [Linux 5.6] mtk: The list of available functions is, I think, governed
|
||||
.\" by the check in net/core/filter.c::bpf_base_func_proto().
|
||||
.IP * 3
|
||||
get_random
|
||||
.PD 0
|
||||
|
|
Loading…
Reference in New Issue