Documentation: root permission/access requirements in bcc/docs/kernel-versions.md

iovisor / bcc

BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more

Apache License 2.0

20.34k stars 3.86k forks source link

Documentation: root permission/access requirements in bcc/docs/kernel-versions.md #3374

Open dumblob opened 3 years ago

dumblob commented 3 years ago

Despite the fact, that major Linux distributions set either kernel.unprivileged_bpf_disabled = 0 (or give capability CAP_BPF to all processes of all users) by default, I think it'd be valuable to add information about (potentially) required root permissions/access to the documentation (incl. note about kernel.unprivileged_bpf_disabled = 0 and CAP_BPF).

Namely to the table Program Types in bcc/docs/kernel-versions.md. Maybe as another column before the current first column Program Type.

yonghong-song commented 3 years ago

Yes, I think it make sense. Different program types may require different capabilities. Of course, root privilege can run all programs. The link for the patch set which introduced CAP_BPF is below: https://lore.kernel.org/bpf/20200513230355.7858-1-alexei.starovoitov@gmail.com/ Since you are mentioning this, maybe you can help make a contribution? Thanks!

dumblob commented 3 years ago

Since you are mentioning this, maybe you can help make a contribution? Thanks!

I'll leave the attribution to someone else :wink:. I'm pretty busy and I wouldn't want to to scamp it just because of that.