bpf.2: srcfix: Add a note on check for unprivileged BPF_PROG_TYPE_SOCKET_FILTER programs

In Linux 4.4, the allowed BPF helper functions that could
be called were governed by a check in sk_filter_func_proto().
Nowadays (Linux 5.6), it is, I think, governed by the check in
sk_filter_func_proto().

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk 2020-04-17 11:55:13 +02:00
parent 35732aa7a0
commit f7d706ba9b
1 changed files with 2 additions and 0 deletions


@ -1132,6 +1132,8 @@ an unprivileged user may create limited programs of type
and associated maps. and associated maps.
However they may not store kernel pointers within However they may not store kernel pointers within
the maps and are presently limited to the following helper functions: the maps and are presently limited to the following helper functions:
.\" [Linux 5.6] mtk: The list of available functions is, I think, governed
.\" by the check in net/core/filter.c::bpf_base_func_proto().
.IP * 3 .IP * 3
get_random get_random
.PD 0 .PD 0
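
Review bot: The two added `.\"` comment lines before `.IP * 3` name net/core/filter.c::bpf_base_func_proto() as the check governing the helper list in Linux 5.6, but the commit message names sk_filter_func_proto() for both Linux 4.4 and Linux 5.6, so the message and the comment disagree about which function is meant. Please make them name the same function. The comment is also hedged with "I think"; since the list that follows is what readers rely on to know which helpers an unprivileged BPF_PROG_TYPE_SOCKET_FILTER program may call, it would be worth confirming the function against the 5.6 source and dropping the hedge, or stating in the comment what remains unverified.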