author | Dariusz Michaluk <d.michaluk@samsung.com> | 2024-02-14 13:17:11 +0100 |
---|---|---|
committer | Dariusz Michaluk <d.michaluk@samsung.com> | 2024-02-19 18:18:00 +0100 |
commit | 4032d19f2ced8b4a3838f9390beb199bf31310e8 (patch) | |
tree | 78634496092ed5df6ff0d9785960dd174ede5af6 /doc/values/39.txt | |
parent | 3103c47605942557c5ec971aa40282782bcbc4de (diff) | |
parent | 46a71608a1c1f277922adf2a82c4ab1e4d7ad320 (diff) | |
Upgrade to libcap 2.69

Refs: accepted/tizen/base/x/asan/20240412.003134, accepted/tizen/base/x/20240225.131803, accepted/tizen/base/x/20240221.211822, accepted/tizen/base/toolchain/20240301.142001, accepted/tizen/base/toolchain/20240301.141900, accepted/tizen/base/asan/20240305.000534, accepted/tizen/base/20240221.052817, tizen_base, accepted/tizen_base_x_asan, accepted/tizen_base_x, accepted/tizen_base_toolchain, accepted/tizen_base_asan, accepted/tizen_base

Change-Id: I69cf14ac1f834701395dce1fb872103ee732d926
Diffstat (limited to 'doc/values/39.txt')
-rw-r--r-- | doc/values/39.txt | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/doc/values/39.txt b/doc/values/39.txt new file mode 100644 index 0000000..d05a5c6 --- /dev/null +++ b/doc/values/39.txt @@ -0,0 +1,33 @@ +Allows a process to manipulate aspects of the kernel +enhanced Berkeley Packet Filter (BPF) system. This is +an execution subsystem of the kernel, that manages BPF +programs. CAP_BPF permits a process to: + - create all types of BPF maps + - advanced verifier features: + - indirect variable access + - bounded loops + - BPF to BPF function calls + - scalar precision tracking + - larger complexity limits + - dead code elimination + - potentially other features + +Other capabilities can be used together with CAP_BFP to +further manipulate the BPF system: + - CAP_PERFMON relaxes the verifier checks as follows: + - BPF programs can use pointer-to-integer + conversions + - speculation attack hardening measures can be + bypassed + - bpf_probe_read to read arbitrary kernel memory is + permitted + - bpf_trace_printk to print the content of kernel + memory + - CAP_SYS_ADMIN permits the following: + - use of bpf_probe_write_user + - iteration over the system-wide loaded programs, + maps, links BTFs and convert their IDs to file + descriptors. + - CAP_PERFMON is required to load tracing programs. + - CAP_NET_ADMIN is required to load networking + programs. |
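Review bot: "CAP_BFP" in the sentence "Other capabilities can be used together with CAP_BFP to further manipulate the BPF system" is a misspelling of CAP_BPF, the capability this file describes; please correct it so the text names the right capability. In the CAP_SYS_ADMIN item, "maps, links BTFs and convert their IDs to file descriptors" is missing a comma after "links" and switches form mid-sentence; something like "maps, links and BTFs, and conversion of their IDs to file descriptors" would read in parallel with "iteration over". Under CAP_PERFMON, the item "bpf_trace_printk to print the content of kernel memory" has no verb, unlike the bpf_probe_read item above it, which ends in "is permitted"; adding the same ending would make clear that this is also a relaxation being granted. Given that the CAP_PERFMON items include bypassing speculation attack hardening and reading arbitrary kernel memory, the wording here is worth getting exact.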