Le 05/06/2019 à 12:59, Andreas Steinmetz a écrit :
[snip]
> If there is a change for this to get accepted, sure, I'm willing to
> submit this formally (need some advice, though).
At least, you need to submit it without the RFC tag. RFC patches are not aimed
to be merged.
Regards,
Nicolas
On Mon, 2019-06-03 at 19:12 +0200, Nicolas Dichtel wrote:
> It makes sense to me.
> Do you plan to submit it formally?
>
> Looking a bit more at this topic, I see that most part of the bpf
> code uses
> capable(CAP_NET_ADMIN). I don't see why we cannot use
> ns_capable(CAP_NET_ADMIN).
If there is
On Tue, 2019-05-28 at 14:04 -0700, Song Liu wrote:
> > if (type != BPF_PROG_TYPE_SOCKET_FILTER &&
> > type != BPF_PROG_TYPE_CGROUP_SKB &&
>
> You should extend this if () statement instead of adding another
> if () below.
Reworking the if-statement is possible but the result
Le 28/05/2019 à 18:53, Andreas Steinmetz a écrit :
> [sorry for crossposting but this affects both lists]
>
> BPF_PROG_TYPE_SCHED_CLS and BPF_PROG_TYPE_XDP should be allowed
> for CAP_NET_ADMIN capability. Nearly everything one can do with
> these program types can be done some other way with CAP_
On Tue, May 28, 2019 at 9:59 AM Andreas Steinmetz wrote:
>
> [sorry for crossposting but this affects both lists]
>
> BPF_PROG_TYPE_SCHED_CLS and BPF_PROG_TYPE_XDP should be allowed
> for CAP_NET_ADMIN capability. Nearly everything one can do with
> these program types can be done some other way w
[sorry for crossposting but this affects both lists]
BPF_PROG_TYPE_SCHED_CLS and BPF_PROG_TYPE_XDP should be allowed
for CAP_NET_ADMIN capability. Nearly everything one can do with
these program types can be done some other way with CAP_NET_ADMIN
capability (e.g. NFQUEUE), but only slower.
This c
