Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp443112ybt; Mon, 6 Jul 2020 13:12:38 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyGYCA057IBXDQ98l8GWupQ+zjJB74K0q0bO09Kb51+Q7j3z6pDOPgW+f5E2L32u2NxSFVP X-Received: by 2002:aa7:c808:: with SMTP id a8mr56556828edt.259.1594066358028; Mon, 06 Jul 2020 13:12:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594066358; cv=none; d=google.com; s=arc-20160816; b=a6+mpnjhxS9Od9AnrPFWKKavDFCo48wgvnRpfT8+8SThg/h/LAC/yg7O3/M9Qyn0A9 Tv4PJG0ipV3lfMh3Il2aRLigy7tZhEPC8O3nxYUzqpXnOumxicFgRim3c4t9mXuj1EZu bMsfpIHYu7AQIGP9JQSaT9d0Ri7iokt58oSkmclzZdWW7m4SJtiL+/crnQo3pWu0zPFl RcU3OTILbck96LL+X5AmhS2t4Eq2MJGSoq7MpB36WspG3umAZbKQ2itzNcvUxGcvbGtF 7kkgTvBo0nvPRn0My7e3XFMs1nlyj/RNE8xSoQrb1UGBzQ4J3dGOHjLjTYW1eh7KaPRd //2A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=NH51QzKoo8vcvgmX1earnUW3W8VarBLxn3wxnDS2NOk=; b=cHgITb62m2ij2IRg0qvJ/JTxFOeIwjoSOoVGX3MGn1rhOue0N+dMHMDNqRJwvYeaNe sP6TOSs/dGvZ27jywBtuEPoTOsjCDkbkni2cJaFHjcALPw0dX29sd5VSzL6PqBb/d8lq Se02PNLZ7xWC/YIN9YvmdtZG4YpRYw6Ip2YC+N3Qq+lftXEK9HDBs9CfqV8hSxK9R08K y7jNHiCGVmW9gwLxmXSTIqGjWyS0cqey6Bx+OEiRINi6Jra7fnb3iNpzMImjhc0yddGS pdyxcoqAyFjVN7iiAGW8eIHq1ZNLVnbe/7QnGf+q5fUYrolOVM/Le1QFf1aQZ59RsslA uj/w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="y1/ZKuIh"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id d26si13478176edp.518.2020.07.06.13.12.14; Mon, 06 Jul 2020 13:12:38 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="y1/ZKuIh"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726661AbgGFULw (ORCPT + 99 others); Mon, 6 Jul 2020 16:11:52 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52448 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725860AbgGFULw (ORCPT ); Mon, 6 Jul 2020 16:11:52 -0400 Received: from mail-ot1-x342.google.com (mail-ot1-x342.google.com [IPv6:2607:f8b0:4864:20::342]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 77CB5C061755 for ; Mon, 6 Jul 2020 13:11:52 -0700 (PDT) Received: by mail-ot1-x342.google.com with SMTP id d4so32643056otk.2 for ; Mon, 06 Jul 2020 13:11:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=NH51QzKoo8vcvgmX1earnUW3W8VarBLxn3wxnDS2NOk=; b=y1/ZKuIhjHhOsxpSw+1xMcKmg2e5dWBH3F1+AO7aZkt4nuahkvlotHPyJkqTmzHRcU dayynd91m96Pxs75SBm30PdnqAQSw9PL8yc4R6iUdxaAF1DhMjqCqX5AiCR1neYMayFs YcV2BKubqr6RmiXZqJp8NyNrKmK28zR8AhFYLntpBZX43yc4BitVunCWcr/iQBkUgeor rhyMSBQvEvS+98Wzh3MLqUIDMsOKDiXerdn7gA2pjwesgHWpial6dAPS2MAqVfiQBxqR MGIVvMl/Md/p013QyXWb4A0uMaG16Xbv1m23EGeoS82CBXGGKDuB5gOktniOknC0nkwX B2WQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=NH51QzKoo8vcvgmX1earnUW3W8VarBLxn3wxnDS2NOk=; b=Ow9YwVwFerpXKgrqIK4fa/Hux4RRSmaMRQGMIhOq7zJ75de/DWx/1zbtjB19F5R9JZ io98UmABqhVPLHOJVfLNachMiKNzDTZBDWz00bbiEmQlKpAEwA6wVu8GvP4lOejPz1wN 3KcMpgHmcyc1YY9fW2LTzcjEea6MIeUx8zCaHmRL4fVrFHJvRnItNK0bqBxe/Muf/Bau e5a7XMxUbdQE73kgMhXU7q5ACsPhS1I81gjiLfRwSgsAhEwAwkSmdOLLJepGA2VzO7T1 cCt8TRct82gNvbrNMzSNCHW0ec37sBLamGNCTPWX+C9GeMY7XTPy2tR9Yv8hyrpP+Cmc JS/g== X-Gm-Message-State: AOAM533tZuYywPpRsILbKTTzhAgxaLpM2ZIyLGnSKQl4DPf1Cq34Mx83 rEymWcDYC4wmjXeItNyfxIXqwHwa8EISM6Y7x+Hx6Q== X-Received: by 2002:a05:6830:1e13:: with SMTP id s19mr45133059otr.102.1594066311761; Mon, 06 Jul 2020 13:11:51 -0700 (PDT) MIME-Version: 1.0 References: <20200620212616.93894-1-zenczykowski@gmail.com> In-Reply-To: From: John Stultz Date: Mon, 6 Jul 2020 13:11:42 -0700 Message-ID: Subject: Re: [PATCH bpf v2] restore behaviour of CAP_SYS_ADMIN allowing the loading of networking bpf programs To: Alexei Starovoitov Cc: =?UTF-8?Q?Maciej_=C5=BBenczykowski?= , =?UTF-8?Q?Maciej_=C5=BBenczykowski?= , Alexei Starovoitov , Daniel Borkmann , Linux Network Development Mailing List , Linux Kernel Mailing List , BPF Mailing List , "David S . Miller" Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jun 23, 2020 at 5:54 PM Alexei Starovoitov wrote: > On Mon, Jun 22, 2020 at 12:44 PM John Stultz wro= te: > > On Sat, Jun 20, 2020 at 2:26 PM Maciej =C5=BBenczykowski > > wrote: > > > From: Maciej =C5=BBenczykowski > > > > > > This is a fix for a regression introduced in 5.8-rc1 by: > > > commit 2c78ee898d8f10ae6fb2fa23a3fbaec96b1b7366 > > > 'bpf: Implement CAP_BPF' > > > > > > Before the above commit it was possible to load network bpf programs > > > with just the CAP_SYS_ADMIN privilege. > > > > > > The Android bpfloader happens to run in such a configuration (it has > > > SYS_ADMIN but not NET_ADMIN) and creates maps and loads bpf programs > > > for later use by Android's netd (which has NET_ADMIN but not SYS_ADMI= N). > > > > > > Cc: Alexei Starovoitov > > > Cc: Daniel Borkmann > > > Reported-by: John Stultz > > > Fixes: 2c78ee898d8f ("bpf: Implement CAP_BPF") > > > Signed-off-by: Maciej =C5=BBenczykowski > > > > Thanks so much for helping narrow this regression down and submitting t= his fix! > > It's much appreciated! > > > > Tested-by: John Stultz > > Applied to bpf tree. Thanks Hey all, Just wanted to follow up on this as I've not seen the regression fix land in 5.8-rc4 yet? Is it still pending, or did it fall through a gap? thanks -john