Searched refs:CAP_BPF (Results 1 – 17 of 17) sorted by relevance
| /linux/tools/testing/selftests/bpf/ |
| H A D | cap_helpers.h | 12 #ifndef CAP_BPF
13 #define CAP_BPF 39 macro
|
| H A D | test_loader.c | 732 1ULL << CAP_PERFMON | 1ULL << CAP_BPF); in process_subtest()
|
| H A D | test_verifier.c | 75 1ULL << CAP_BPF)
|
| /linux/tools/bpf/bpftool/ |
| H A D | feature.c | 1049 #ifdef CAP_BPF in handle_perms()
1050 capability(CAP_BPF), in handle_perms()
1069 #ifdef CAP_BPF in handle_perms()
1070 if (CAP_IS_SUPPORTED(CAP_BPF)) in handle_perms()
1090 /* System does not know about CAP_BPF, meaning that in handle_perms()
1112 #ifdef CAP_BPF in handle_perms()
1118 #endif /* CAP_BPF */ in handle_perms()
|
| /linux/include/uapi/linux/ |
| H A D | capability.h | 412 #define CAP_BPF 39 macro
|
| /linux/include/linux/ |
| H A D | capability.h | 202 return capable(CAP_BPF) || capable(CAP_SYS_ADMIN); in bpf_capable()
|
| /linux/kernel/bpf/ |
| H A D | token.c | 147 if (!ns_capable(userns, CAP_BPF)) in bpf_token_create()
|
| H A D | syscall.c | 1113 if (!bpf_token_capable(token, CAP_BPF)) { in map_check_btf()
1290 if (sysctl_unprivileged_bpf_disabled && !bpf_token_capable(token, CAP_BPF)) in map_create()
1325 if (!bpf_token_capable(token, CAP_BPF)) in map_create()
2607 /* equivalent to SOCKET_FILTER. need CAP_BPF only */ in bpf_prog_load_check_attach()
2676 bpf_cap = bpf_token_capable(token, CAP_BPF); in is_perfmon_prog_type()
4954 if (!bpf_token_capable(token, CAP_BPF)) { in bpf_link_get_info_by_fd()
|
| H A D | helpers.c | 1947 if (!bpf_token_capable(prog->aux->token, CAP_BPF)) in bpf_base_func_proto()
|
| H A D | core.c | 691 !bpf_token_capable(fp->aux->token, CAP_BPF)) in bpf_prog_kallsyms_add()
|
| H A D | verifier.c | 22335 env->bpf_capable = is_priv = bpf_token_capable(env->prog->aux->token, CAP_BPF); in bpf_check()
|
| /linux/tools/testing/selftests/bpf/prog_tests/ |
| H A D | unpriv_bpf_disabled.c | 13 * an old /usr/include/linux/capability.h and be < CAP_BPF; as a result
14 * CAP_BPF would not be included in ALL_CAPS. Instead use CAP_BPF as
18 #define ALL_CAPS ((2ULL << CAP_BPF) - 1)
|
| H A D | tc_bpf.c | 405 ret = cap_enable_effective(1ULL << CAP_BPF | 1ULL << CAP_NET_ADMIN, &caps); in tc_bpf_non_root()
|
| H A D | token.c | 59 return cap_disable_effective((1ULL << CAP_BPF) | in drop_priv_caps()
512 * CAP_BPF inside current userns to create privileged map; let's test in userns_map_create()
513 * that neither BPF token alone nor namespaced CAP_BPF is sufficient in userns_map_create()
519 /* no token, no CAP_BPF -> fail */ in userns_map_create()
528 /* token without CAP_BPF -> fail */ in userns_map_create()
537 /* get back effective local CAP_BPF (and CAP_SYS_ADMIN) */ in userns_map_create()
542 /* CAP_BPF without token -> fail */ in userns_map_create()
551 /* finally, namespaced CAP_BPF + token -> success */ in userns_map_create()
583 * CAP_BPF inside current userns to create privileged map; let's test in userns_btf_load()
584 * that neither BPF token alone nor namespaced CAP_BPF i in userns_btf_load()
[all...] |
| /linux/Documentation/admin-guide/sysctl/ |
| H A D | net.rst | 108 CAP_BPF or CAP_SYS_ADMIN in the root user name space.
|
| H A D | kernel.rst | 1597 once disabled, calling ``bpf()`` without ``CAP_SYS_ADMIN`` or ``CAP_BPF``
|
| /linux/net/core/ |
| H A D | filter.c | 8693 if (!bpf_token_capable(prog->aux->token, CAP_BPF)) in cg_skb_is_valid_access()
8705 if (!bpf_token_capable(prog->aux->token, CAP_BPF)) in cg_skb_is_valid_access()
|