Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf
From: Andy Lutomirski <luto@amacapital.net>
Date: 2019-08-05 22:21:13
Also in:
bpf, linux-security-module, netdev
Possibly related (same subject, not in this thread)
- 2019-06-28 · Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf · Christian Brauner <christian@brauner.io>
- 2019-06-27 · Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf · Andy Lutomirski <luto@kernel.org>
On Aug 5, 2019, at 2:25 PM, Andy Lutomirski [off-list ref] wrote: On Mon, Aug 5, 2019 at 12:21 PM Alexei Starovoitov [off-list ref] wrote:
quoted
What we need is to drop privileges sooner in daemons like systemd.This is doable right now: systemd could fork off a subprocess and delegate its cgroup operations to it. It would be maybe a couple hundred lines of code. As an added benefit, that subprocess could verify that the bpf operations in question are reasonable. Alternatively, if there was a CAP_BPF_ADMIN, systemd could retain that capability and flip it on and off as needed.
I tried to look at the code and I couldn’t find it. Does systemd drop privileges at all? Can you point me at the code you’re thinking of