Open dumblob opened 3 years ago
Yes, I think it make sense. Different program types may require different capabilities. Of course, root privilege can run all programs. The link for the patch set which introduced CAP_BPF is below: https://lore.kernel.org/bpf/20200513230355.7858-1-alexei.starovoitov@gmail.com/ Since you are mentioning this, maybe you can help make a contribution? Thanks!
Since you are mentioning this, maybe you can help make a contribution? Thanks!
I'll leave the attribution to someone else :wink:. I'm pretty busy and I wouldn't want to to scamp it just because of that.
Despite the fact, that major Linux distributions set either
kernel.unprivileged_bpf_disabled = 0
(or give capabilityCAP_BPF
to all processes of all users) by default, I think it'd be valuable to add information about (potentially) requiredroot
permissions/access to the documentation (incl. note aboutkernel.unprivileged_bpf_disabled = 0
andCAP_BPF
).Namely to the table Program Types in
bcc/docs/kernel-versions.md
. Maybe as another column before the current first columnProgram Type
.