On 5/22/20 9:59 AM, Toke Høiland-Jørgensen wrote: > David Ahern <dsah...@kernel.org> writes: > >> Implementation of Daniel's proposal for allowing DEVMAP entries to be >> a device index, program id pair. Daniel suggested an fd to specify the >> program, but that seems odd to me that you insert the value as an fd, but >> read it back as an id since the fd can be closed. > > While I can be sympathetic to the argument that it seems odd, every > other API uses FD for insert and returns ID, so why make it different > here? Also, the choice has privilege implications, since the CAP_BPF > series explicitly makes going from ID->FD a more privileged operation > than just querying the ID. >
I do not like the model where the kernel changes the value the user pushed down.
