Searched refs:CAP_BPF (Results 1 – 17 of 17) sorted by relevance
/linux/tools/testing/selftests/bpf/ |
H A D | cap_helpers.h | 12 #ifndef CAP_BPF 13 #define CAP_BPF 39 macro
|
H A D | test_loader.c | 732 1ULL << CAP_PERFMON | 1ULL << CAP_BPF); in process_subtest()
|
H A D | test_verifier.c | 75 1ULL << CAP_BPF)
|
/linux/tools/bpf/bpftool/ |
H A D | feature.c | 1049 #ifdef CAP_BPF in handle_perms() 1050 capability(CAP_BPF), in handle_perms() 1069 #ifdef CAP_BPF in handle_perms() 1070 if (CAP_IS_SUPPORTED(CAP_BPF)) in handle_perms() 1090 /* System does not know about CAP_BPF, meaning that in handle_perms() 1112 #ifdef CAP_BPF in handle_perms() 1118 #endif /* CAP_BPF */ in handle_perms()
|
/linux/include/uapi/linux/ |
H A D | capability.h | 412 #define CAP_BPF 39 macro
|
/linux/include/linux/ |
H A D | capability.h | 202 return capable(CAP_BPF) || capable(CAP_SYS_ADMIN); in bpf_capable()
|
/linux/kernel/bpf/ |
H A D | token.c | 147 if (!ns_capable(userns, CAP_BPF)) in bpf_token_create()
|
H A D | syscall.c | 1113 if (!bpf_token_capable(token, CAP_BPF)) { in map_check_btf() 1290 if (sysctl_unprivileged_bpf_disabled && !bpf_token_capable(token, CAP_BPF)) in map_create() 1325 if (!bpf_token_capable(token, CAP_BPF)) in map_create() 2607 /* equivalent to SOCKET_FILTER. need CAP_BPF only */ in bpf_prog_load_check_attach() 2676 bpf_cap = bpf_token_capable(token, CAP_BPF); in is_perfmon_prog_type() 4954 if (!bpf_token_capable(token, CAP_BPF)) { in bpf_link_get_info_by_fd()
|
H A D | helpers.c | 1947 if (!bpf_token_capable(prog->aux->token, CAP_BPF)) in bpf_base_func_proto()
|
H A D | core.c | 691 !bpf_token_capable(fp->aux->token, CAP_BPF)) in bpf_prog_kallsyms_add()
|
H A D | verifier.c | 22335 env->bpf_capable = is_priv = bpf_token_capable(env->prog->aux->token, CAP_BPF); in bpf_check()
|
/linux/tools/testing/selftests/bpf/prog_tests/ |
H A D | unpriv_bpf_disabled.c | 13 * an old /usr/include/linux/capability.h and be < CAP_BPF; as a result 14 * CAP_BPF would not be included in ALL_CAPS. Instead use CAP_BPF as 18 #define ALL_CAPS ((2ULL << CAP_BPF) - 1)
|
H A D | tc_bpf.c | 405 ret = cap_enable_effective(1ULL << CAP_BPF | 1ULL << CAP_NET_ADMIN, &caps); in tc_bpf_non_root()
|
H A D | token.c | 59 return cap_disable_effective((1ULL << CAP_BPF) | in drop_priv_caps() 512 * CAP_BPF inside current userns to create privileged map; let's test in userns_map_create() 513 * that neither BPF token alone nor namespaced CAP_BPF is sufficient in userns_map_create() 519 /* no token, no CAP_BPF -> fail */ in userns_map_create() 528 /* token without CAP_BPF -> fail */ in userns_map_create() 537 /* get back effective local CAP_BPF (and CAP_SYS_ADMIN) */ in userns_map_create() 542 /* CAP_BPF without token -> fail */ in userns_map_create() 551 /* finally, namespaced CAP_BPF + token -> success */ in userns_map_create() 583 * CAP_BPF inside current userns to create privileged map; let's test in userns_btf_load() 584 * that neither BPF token alone nor namespaced CAP_BPF i in userns_btf_load() [all...] |
/linux/Documentation/admin-guide/sysctl/ |
H A D | net.rst | 108 CAP_BPF or CAP_SYS_ADMIN in the root user name space.
|
H A D | kernel.rst | 1597 once disabled, calling ``bpf()`` without ``CAP_SYS_ADMIN`` or ``CAP_BPF``
|
/linux/net/core/ |
H A D | filter.c | 8693 if (!bpf_token_capable(prog->aux->token, CAP_BPF)) in cg_skb_is_valid_access() 8705 if (!bpf_token_capable(prog->aux->token, CAP_BPF)) in cg_skb_is_valid_access()
|