On 5/22/20 9:59 AM, Toke Høiland-Jørgensen wrote:
> David Ahern <dsah...@kernel.org> writes:
>> Implementation of Daniel's proposal for allowing DEVMAP entries to be
>> a device index, program id pair. Daniel suggested an fd to specify the
>> program, but that seems odd to me that you insert the value as an fd, but
>> read it back as an id since the fd can be closed.
> While I can be sympathetic to the argument that it seems odd, every
> other API uses FD for insert and returns ID, so why make it different
> here? Also, the choice has privilege implications, since the CAP_BPF
> series explicitly makes going from ID->FD a more privileged operation
> than just querying the ID.

I do not like the model where the kernel changes the value the user
pushed down.

Reply via email to