leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
73a4f0407e
linux/tools/bpf
History
Quentin Monnet 73a4f0407e tools, bpftool: Make capability check account for new BPF caps 
Following the introduction of CAP_BPF, and the switch from CAP_SYS_ADMIN
to other capabilities for various BPF features, update the capability
checks (and potentially, drops) in bpftool for feature probes. Because
bpftool and/or the system might not know of CAP_BPF yet, some caution is
necessary:

- If compiled and run on a system with CAP_BPF, check CAP_BPF,
  CAP_SYS_ADMIN, CAP_PERFMON, CAP_NET_ADMIN.

- Guard against CAP_BPF being undefined, to allow compiling bpftool from
  latest sources on older systems. If the system where feature probes
  are run does not know of CAP_BPF, stop checking after CAP_SYS_ADMIN,
  as this should be the only capability required for all the BPF
  probing.

- If compiled from latest sources on a system without CAP_BPF, but later
  executed on a newer system with CAP_BPF knowledge, then we only test
  CAP_SYS_ADMIN. Some probes may fail if the bpftool process has
  CAP_SYS_ADMIN but misses the other capabilities. The alternative would
  be to redefine the value for CAP_BPF in bpftool, but this does not
  look clean, and the case sounds relatively rare anyway.

Note that libcap offers a cap_to_name() function to retrieve the name of
a given capability (e.g. "cap_sys_admin"). We do not use it because
deriving the names from the macros looks simpler than using
cap_to_name() (doing a strdup() on the string) + cap_free() + handling
the case of failed allocations, when we just want to use the name of the
capability in an error message.

The checks when compiling without libcap (i.e. root versus non-root) are
unchanged.

v2:
- Do not allocate cap_list dynamically.
- Drop BPF-related capabilities when running with "unprivileged", even
  if we didn't have the full set in the first place (in v1, we would
  skip dropping them in that case).
- Keep track of what capabilities we have, print the names of the
  missing ones for privileged probing.
- Attempt to drop only the capabilities we actually have.
- Rename a couple variables.

Signed-off-by: Quentin Monnet <quentin@isovalent.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20200523010247.20654-1-quentin@isovalent.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2020-06-01 14:38:19 -07:00
..
bpftool tools, bpftool: Make capability check account for new BPF caps 2020-06-01 14:38:19 -07:00
runqslower bpf, runqslower: include proper uapi/bpf.h 2020-05-09 18:01:33 -07:00
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
bpf_asm.c docs: networking: convert filter.txt to ReST 2020-04-28 14:39:46 -07:00
bpf_dbg.c docs: networking: convert filter.txt to ReST 2020-04-28 14:39:46 -07:00
bpf_exp.l bpf: fix cbpf parser bug for octal numbers 2018-06-03 07:46:55 -07:00
bpf_exp.y tools, bpf_asm: Warn when jumps are out of range 2019-11-07 16:01:34 +01:00
bpf_jit_disasm.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 232 2019-06-19 17:09:06 +02:00
Makefile tools/bpf: Add runqslower tool to tools/bpf 2020-01-13 17:48:13 -08:00
Makefile.helpers treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00