On 4/29/20 4:45 PM, Quentin Monnet wrote:
This set allows unprivileged users to probe available features with
bpftool. On Daniel's suggestion, the "unprivileged" keyword must be passed
on the command line to avoid accidentally dumping a subset of the features
supported by the system. When used by root, this keyword makes bpftool drop
the CAP_SYS_ADMIN capability and print the features available to
unprivileged users only.
The first patch makes a variable global in feature.c to avoid piping too
many booleans through the different functions. The second patch introduces
the unprivileged probing, adding a dependency to libcap. Then the third
patch makes this dependency optional, by restoring the initial behaviour
(root only can probe features) if the library is not available.
Cc: Richard Palethorpe <[email protected]>
Cc: Michael Kerrisk <[email protected]>
v3: Update help message for bpftool feature probe ("unprivileged").
v2: Add "unprivileged" keyword, libcap check (patches 1 and 3 are new).
Quentin Monnet (3):
tools: bpftool: for "feature probe" define "full_mode" bool as global
tools: bpftool: allow unprivileged users to probe features
tools: bpftool: make libcap dependency optional
.../bpftool/Documentation/bpftool-feature.rst | 12 +-
tools/bpf/bpftool/Makefile | 13 +-
tools/bpf/bpftool/bash-completion/bpftool | 2 +-
tools/bpf/bpftool/feature.c | 143 +++++++++++++++---
4 files changed, 143 insertions(+), 27 deletions(-)
Applied, thanks!
