|
|
Пишет LWN.net (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_lwnheadline)@ 2019-06-27 14:56:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
[$] Providing wider access to bpf()
The bpf()
system call allows user space to load a BPF program into the kernel for
execution, manipulate BPF maps, and carry out a number of other BPF-related
functions. BPF programs are verified and sandboxed, but they are still
running in a privileged context and, depending on the type of program
loaded, are capable of creating various types of mayhem. As a result, most
BPF operations, including the
loading of almost all types of BPF program, are restricted to processes with
the CAP_SYS_ADMIN capability — those running as root, as a general
rule. BPF programs are useful in many contexts, though, so there has long been
interest in making access to bpf() more
widely available. One step in that direction has been posted
by Song Liu; it works by adding a novel security-policy mechanism to the
kernel.
The bpf()
system call allows user space to load a BPF program into the kernel for
execution, manipulate BPF maps, and carry out a number of other BPF-related
functions. BPF programs are verified and sandboxed, but they are still
running in a privileged context and, depending on the type of program
loaded, are capable of creating various types of mayhem. As a result, most
BPF operations, including the
loading of almost all types of BPF program, are restricted to processes with
the CAP_SYS_ADMIN capability — those running as root, as a general
rule. BPF programs are useful in many contexts, though, so there has long been
interest in making access to bpf() more
widely available. One step in that direction has been posted
by Song Liu; it works by adding a novel security-policy mechanism to the
kernel.
