Skip to content
Commit bfeb7e39 authored by Yauheni Kaliuta's avatar Yauheni Kaliuta Committed by Daniel Borkmann
Browse files

bpf: Use bpf_capable() instead of CAP_SYS_ADMIN for blinding decision



The full CAP_SYS_ADMIN requirement for blinding looks too strict nowadays.
These days given unprivileged BPF is disabled by default, the main users
for constant blinding coming from unprivileged in particular via cBPF -> eBPF
migration (e.g. old-style socket filters).

Signed-off-by: default avatarYauheni Kaliuta <ykaliuta@redhat.com>
Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20220831090655.156434-1-ykaliuta@redhat.com
Link: https://lore.kernel.org/bpf/20220905090149.61221-1-ykaliuta@redhat.com
parent a02c118e
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment