Assign bpfloader with CAP_SYS_ADMIN (4bf47882) · Commits · CodeLinaro / public-release-test / platform / system / sepolicy

Commit 4bf47882 authored 6 years ago by Joel Fernandes

Assign bpfloader with CAP_SYS_ADMIN


bpfloader needs to load bpf programs with tracepoints in them. The
tracepoint programs are not activated but are just loaded and pinned.
The kernel expects the process doing this to have CAP_SYS_ADMIN. Since
bpfloader was intended to be a 1-shot run and exit process with security
privileges, lets assign it CAP_SYS_ADMIN so that it is able to load the
tracepoint programs.

Bug: 112334572
Change-Id: Icf9b5d95615e69f5c28dc28f021b07f49710c97d
Signed-off-by: Joel Fernandes <joelaf@google.com>

parent cb691fbc

No related branches found

No related tags found

Hide whitespace changes

Inline Side-by-side

Showing with 1 addition and 1 deletion

Please register or to comment