From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752795AbdBFVTy (ORCPT ); Mon, 6 Feb 2017 16:19:54 -0500 Received: from mx0a-00082601.pphosted.com ([67.231.145.42]:57746 "EHLO mx0a-00082601.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752325AbdBFVTw (ORCPT ); Mon, 6 Feb 2017 16:19:52 -0500 Subject: Re: [PATCH net-next v2 3/3] bpf: Always test unprivileged programs To: =?UTF-8?Q?Micka=c3=abl_Sala=c3=bcn?= , References: <20170206205225.32233-1-mic@digikod.net> <20170206205225.32233-3-mic@digikod.net> CC: Arnaldo Carvalho de Melo , Daniel Borkmann , "David S . Miller" , , Shuah Khan From: Alexei Starovoitov Message-ID: <5898E84E.7080507@fb.com> Date: Mon, 6 Feb 2017 13:19:10 -0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:38.0) Gecko/20100101 Thunderbird/38.7.2 MIME-Version: 1.0 In-Reply-To: <20170206205225.32233-3-mic@digikod.net> Content-Type: text/plain; charset="utf-8"; format=flowed Content-Transfer-Encoding: 8bit X-Originating-IP: [2620:10d:c090:200::2:1f21] X-ClientProxiedBy: MWHPR20CA0007.namprd20.prod.outlook.com (10.171.151.145) To BL2PR15MB0964.namprd15.prod.outlook.com (10.167.116.26) X-MS-Office365-Filtering-Correlation-Id: b6c46be3-71df-41c3-92ed-08d44ed5cdd2 X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001);SRVR:BL2PR15MB0964; X-Microsoft-Exchange-Diagnostics: 1;BL2PR15MB0964;3:dsKaz/pGoIWgSp/2HZBcrt456J9I7VkNqlrCPwhKS3JszjuoWsMSGQgIOc+ebgV8j6bh2aaH4y+hTMlWIxQ3u0oMeqPLm7Vkeu/eW4SEyleBrttPGqMEjXgpnK/zJIFCPrKFC/CGMgayn4k6/sYaYxNRouPNINH86SFrYRfuCEZZkLNiUHIt6YsrfBnBplNfiLs+9bZsg7O3P9FH7BkX83K7mavBevRO3qYDcARpwzx5NmiojWgunEpqomIEZabIuD2kf5pqHNdyfkjvspJSDQ==;25:LgivxS7VAq54dx3JSItcVoRk8iMqnjJjw+kC/MAVXCPs791B5JJzo/R5pYBDa1EUEKl1uK7mhEf4FyKFu4tN5Ga8PQY2ozcoN7jcP4Ro9tt+lR32PsxHgnGMVPvx6IMAT0jgDHRZ4jq50ZQosQCMmg8Rvs9w9n47OMNjMOdb2lnHlV9yRWok9UtVxDi9IONfn/frWRUxoP5Q7QktI/y8i5ZvfkupfqbxW9wU8l3oJ0dfQ2ZE0Z2NL4fevw+FOJEKP/Gh4NmAUZ4Y6uRrcvFxoiuDJtsJEH+UaoGRmMLDeEmHsLZy9GtFd7eZ7W/zlTi2bRNdbVmZo8QvazI924qCwND+3WEZqpHE/bUwdMEQgBLn+k2HX/BZnR5K1bHan30QWMxKh7QKrv34hCbIeNpoMMVxEXe51s4pEwRnphBlKdk4YGzM5p/mskNsZzqHUxrDQwOxhB30RTKxUkHa/qZSlg== X-Microsoft-Exchange-Diagnostics: 1;BL2PR15MB0964;31:m4HfPawEfoYsj+fYlImIi/q/RhSgh13yWIQohB2+i7Rxt2gc41ZCmmWKmUSf20Z9ffh0mzXeywh886U1OSb4DpdqklXmg3hBJn7LwimDJWXmlXwQD2NAp4OvjOHY6N2L6kQwUHqb6H/K4BO2j59C2vfo4KZAB+ENFkA5bxN9vepA/q3MYivsd7MXlZGc7kwnmGNykIPUy6g3X52VK+eOtqzpH8v2/392OKdXGppGDbNHgMXJXL+8fCcill4FANNwjzGhBtzU0FA+0TvNDTN+1g==;20:8wm06FeZtpKYgF7wfPPHSJwxxYpMfv9hjH82kfYMBjjDGHsDiZX+uiDR+Aq2RKK/Eu/mLduCXV0vaVIu1pz/p1FuFb2VHsGEQYuaaraAwKLqDO87AXe2kalJqFDd7HNp3CObKXcyYisEk+cj3V1dzDOD1nuJgoTVUj6pbCsLcU2dgAOAJ0nAi7WhLi/FdioE3s33JuNTJTVPOnuPGyl/figHDL/NodZWeliwWfsBkFjwmqAh/4rLJBST6AF1z7MbQj7+U6Fjjtu7MvqbUy22JhRvixAh3IbUwBz70ZZpQQDkphQGWq+9mYaGZEIkRS6ape0LVTahcfXgEwMvWwNVB7TBm8ZPWRm1oDUFLCyrS2H6kZlXcFWn2ZbvhoJaJgDkHYFgfyrTvSSRNVYVMCo7KuPfYOlhTjOv52gqSp0HjxxKKhlEL8OBYmJuTXNiAzz0s/QnE3OXHzNOhi+yCJZCOS3hHUxS4QCZir2oSUJZBk6g/aBdKonOJ+J5XGUaXhiW X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(67672495146484); X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040375)(601004)(2401047)(8121501046)(5005006)(20170203043)(3002001)(10201501046)(6041248)(20161123562025)(20161123560025)(20161123558025)(20161123564025)(20161123555025)(6072148);SRVR:BL2PR15MB0964;BCL:0;PCL:0;RULEID:;SRVR:BL2PR15MB0964; X-Microsoft-Exchange-Diagnostics: 1;BL2PR15MB0964;4:D8l7p/I3E+yB5Nm8IsUqJ45ex2oGRPVEftxyaQhHAX318q7EDO+i0x9GWrQlC/51ZQKSu5mMKpUNzY0dWAvTzjcfauJEXTaRpR0gYzMl5Eivv/Xulbyzku/JFJRti1+xQZVYMls6VpJPpP0xG5O6tmy9MH893a5kpCHeVYO5c75sMJXyBUP7lSmnnbIkVCCzePom/FyjsUqijNGhNjEqgLT6CibEu9VGJIbpkdk36bwGRlM2Icq3ZZv/jwJRMNGHFR/Z1YKgzCWJkLNVWAoKK2672TmTVFXN8/Jy0g3/YNaOFU0+eSV3d+av2kCRREmD7PLQuSbs7z6vQeUe0icPr3JBE8bGwbY3T7XCTZN+Z/lvnFyVhYJJfpFcOT5UMQuIVlbBd0x2LoohZgWX8RhwQUnFmWJ12sB8tH+3E2wNZ7vbEbydVWy3d/KIEnFn4GIof69K0J63Gwi1W4swMDrWnXjKohV4Y2L499nmRe7QXA3FpFlx0PS6aCuRlh/ynCDqKXteNSbe+u8cIusCb/mY9rhRbOQMOBIdxzD0ClKlw4vWBmrH85QlfIpwaroSdrXJVuzDwwd0dvlk1XWpsZfZ/5/qNgfx6pQDmlXJuLINbNTLdR/Vqvs0gzI/+8ZhPXrCtLZjNuryS2Fp+SWGztVywa/KJESXcNWZLzNshtl5qSTJjmPJil59B2u3lfxhNayl X-Forefront-PRVS: 0210479ED8 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10019020)(4630300001)(6009001)(7916002)(39830400002)(39450400003)(39410400002)(199003)(377454003)(189002)(24454002)(6246003)(81166006)(97736004)(4001350100001)(86362001)(81156014)(47776003)(8676002)(80316001)(189998001)(65956001)(6666003)(53546003)(23676002)(5660300001)(83506001)(65806001)(2950100002)(4326007)(2870700001)(53936002)(229853002)(64126003)(6486002)(65816999)(50466002)(38730400002)(6116002)(33656002)(25786008)(305945005)(54356999)(50986999)(87266999)(76176999)(2906002)(68736007)(54906002)(101416001)(7736002)(106356001)(42186005)(105586002)(59896002)(1706002)(92566002)(36756003)(42262002);DIR:OUT;SFP:1102;SCL:1;SRVR:BL2PR15MB0964;H:[IPv6:2620:10d:c082:1055:dcd8:43f4:f170:4478];FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtCTDJQUjE1TUIwOTY0OzIzOjJtTjllOWF3VUdhVDNyNlJ5NFpCZlJkdUZX?= =?utf-8?B?SHZYMFVvczZ0MmFIZGE1Q2pmQTFRQlJja2FUQm42ajg3S2N4SnprTFBYWmpP?= =?utf-8?B?MDVaeWJNSldDNWdPbm5ickN0Y0diNng2eXVPMWRmemRRci9RUElXUi93MFM4?= =?utf-8?B?Z3hSelM4Rmo2WE5GdlBaWHZOYWc4UklsdWF5eHA2dER6N1c4UjViMUJFOHht?= =?utf-8?B?VTRaTmZXVEpRTWZDSTd6V2FCOFFxbjJkZURtdzN5VUIrWFlPcWVCNTBmS21H?= =?utf-8?B?UlVxMUN2djRJTkhTVDlDWEtjVDJwMU41dnNPYU5nd21IT3RYa3R2ZW5qeXFM?= =?utf-8?B?WjIvSEN5VnZDRHdLZ3F1K2VibllnS29zWUVPQmJKdGdtZVIxQ3o5MXRPeE9F?= =?utf-8?B?aHNuRHF5WTZJVDA4NXZHNDN0VVZPV1NyZCtuWEh0OXJFVmJiREV2dncwaERa?= =?utf-8?B?OE5iTWxnOWxBRHp3NmYzUlRWbWxJVm1QT2pSQXpIQURjTVhQcTRrZXVUYjFN?= =?utf-8?B?a1NCcGw3NkNjN3k1d0htMWk1VGl0U0tPRU50WCszcVpFaWhtUkRablFlU00r?= =?utf-8?B?Q1lmWnVKb3BZZkJZM1JnNit4Q0RnS1N1c0pZaTRaUVQxSVJkK3R5aVZDa0Mx?= =?utf-8?B?K1QveTZsQWo0UWpML2JndGQ5b2hZMkdHbWlOUVJKUEJVbTNLaFV6OGdtSC9Q?= =?utf-8?B?RGU5QnVSTHBOZGY5NXJocTJzZGJVVDR4YmFCUlFZUWkrbW41MjFXTTFwRFdx?= =?utf-8?B?S29HaFpYTng5VnRXQk9BNnhORHFoQ0VNWUdyS2hpM2lhY05TN1ArUWxpREh0?= =?utf-8?B?SnB6amIzMmFyUU5EMm11Y2p2SnNQQUwzOSt4Y0VTRTY0U2Q4SWtoMHlPU043?= =?utf-8?B?YW5rN3FFcU5UNzU4cmFQRklsQ2NpR2JmQXZKNWFHRkVyTFd0VEtLMHVqUE9G?= =?utf-8?B?WkQ1Ly9vMWk0aWg3bnYvUy8zRklLRVM0TlZGRFJOTkpBck1FSWQvdVFsMTR0?= =?utf-8?B?NFpnZUtoZEJGVGZGNEE1a3pPRUFoV1FwWkJMWG42bmNJTk15UUtxanZEem56?= =?utf-8?B?NnU1Ni9vRy9UQTNaS1VoMm1HUGZPd2d1YmplMlVYckJBWk9sNXVZaTl2Z2NG?= =?utf-8?B?SksxQ2MyQ2xuZVp0aElpam1JTWxlWVh2cnA2b3hOQ2FVRlVwZWFqWkhoQmlh?= =?utf-8?B?WWpzbGFqZENuZXA5Vy94V2h1Ukd6a0poWVNweUY4Yzd4U0FGUFA3ZzVsUGYy?= =?utf-8?B?dGlKek9KNDh3aVlKUVVoR0ZhYmN1RitzdnRRd0xlOStubDhKeHQzTzUzTEdO?= =?utf-8?B?N29sc2JNcG5ScGlWTzhpbEt2a05GVlF1L2l1NHhoK0dvaWc4OGhxZmpyYSsz?= =?utf-8?B?eGk2b2p5QUVxWTNKSjhkTkFUbFhiMHlGaWNpZzFpSmRRTXJHQkl0NEZiT0Q5?= =?utf-8?B?ZlZjd2hMWkxrZUR4d3ZKUHg4VXRjTDVnYUgwekdzZVR0VENJQnhJaFR3M3R0?= =?utf-8?B?ZmFpckZHM2ZNZlkvWjRXZzZuOEVQOTczN0FOTmV6VHlTbFVNbVdRWFNIWEV3?= =?utf-8?B?Qmt6Sm9KbzBZSEhkem9mUFJHeHJ2R1FRVTlwaS9vOGgyY0JPNXdTZnBDbjVz?= =?utf-8?B?OUphQmZmUkdqbWxFTloyV0VQUE91Q25ITDRXOTJHLzBvZ212TmVOZktqaTBO?= =?utf-8?B?K0ptQzJDcHlScFZKelhjL3V1QktJbmtLb1VLNlZnaGtmL3JPWVUwMHFxWHQx?= =?utf-8?B?T0lUMXpMY3h4NytDK0pxUlNlWUc3cUxxK3h4L0JKdncxN1F2VHNlY2lDK3Az?= =?utf-8?B?Um5SYm1PRkZFZ2t6cFhFYTBhREg4Uzhqb0lldkoyOXNTZWhkTlJRazBmemlC?= =?utf-8?Q?ErGB5aX4VRQ4uGzQNaG1dku6U01P4aD6?= X-Microsoft-Exchange-Diagnostics: 1;BL2PR15MB0964;6:VgUowuB/7HaAQl2UuxVKneYZgoSDpHDM6TsPiemdIiXhS9bx/kAXs1dPG91w9Ns1kLC6RA9lUGdKxrgU7U+FlUSeicitLxNTrnB6EhzQaeaOPADI7ElFMYKU6EAMG1AcHYi2lvnZQTm/g0UMe3IVc7/imGCtlDjX6wHuiNRNg/0qe7tTGLjwlfefNy9T36mx5bJ4QkpCxZliPtsZjuwHpJjlIVLkwPiBnDmxdzc7wvE6GiJeUPe7DrOHZ4gafZUY5D5Pz4bRwJmduAxP/1s5k8leSPZoTpkkISVwFyHfV7pHd6jdZ4/e97Fahjd99oP+feUhmZ0owUG7Ch8MZIj3+umZj+hS80E+Ntm5hDXyn0zs1uX4weMWaCv/YRECnlU0LUYv83ovVXPNNiGy8+tvVw==;5:nsqsA4ZvgauxEQne7eK/ORuJyEQHv291d2LPm+g9xWprW/T7wG1aXaE58/tJd/zrw5Lqmg98x+SKheEui8z+luQ98a2Tz501Gn1G/IfMBWI8ecrrJP0sJY75xC9QMd5CYC/1M38lxobIj892QVq0Yg==;24:qr/s9y+IwrKuFigg/18dhzIe2YPI/RD1YPGAeJjqyHuJE++de+J03kciVwlWXZARTof4nJTM3mwg8IDYW/XIkfr0sKMqhmnSedyFDZRXJ7k= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;BL2PR15MB0964;7:9iPpdVdbc9rtVc3Y4R0Rto7wxu+ttT3ozE9FSVs3NB5dcXnr3Bey8QsvYPAJSHOBr28GVmC6f660K35/8Z0+Bpc9zSd+Mn4KLmM5wXKiAk5cztUzhUh9ZZJnk6wzQWJa0Xd4TbRcuX3usy+bY5t37FZOW8G6kgqbv1DYOQecPDvFcB+bfE5DadrYtQ/na/yE0E7hx/6BAc+MTEluuvCKprqsXradXA5lmtj4ika1EovtS9Phcltp1gigkAZyslE3p9CQbQ4fk9LXFT0n2LeFl1CaBq9uYiva8pA7PX/TClbaVZ2bY6Dv5zEjBmmnERipyT7NnQRGXdneclRhyCGhpRis1hOn1nRCkCef75qx1Wc0Pr7WxgGqhVK7k7KvIpW9I5ejbZPedagEnE+abZbBL+AkIUGjlzI1VSFdGOdy3ZQeXhe7nUK11QydRlTsV5X7alMjJIAugcVRMPpMw4zJvc+Szym0wxQgPjjsA/w/XS6osYYOiDVtusDAb5Y9oxK4FvDEGn2Mz3fluhmwZ6txFA==;20:LersJYA0TiYXOFc/EhCs2GCjenM2lkGJvGsk1DSAuRp1wnLI522eXmN5OlAUgs56d3T99XlwZs3RrI/8RqL1ReJmg7oI0RIsCTfI/bBq6LJ+ZDwG+VMQIA0pj5L6zr0g9N/bgwPqaaEuyhUYsK3ZkS+sITLkRAxggPWvKTdo2Jo= X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Feb 2017 21:19:14.3624 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL2PR15MB0964 X-OriginatorOrg: fb.com X-Proofpoint-Spam-Reason: safe X-FB-Internal: Safe X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2017-02-06_10:,, signatures=0 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2/6/17 12:52 PM, Mickaël Salaün wrote: > If selftests are run as root, then execute the unprivileged checks as > well. This switch from 240 to 364 tests. > > The test numbers are suffixed with "/u" when executed as unprivileged or > with "/p" when executed as privileged. > > The geteuid() check is replaced with a capability check. > > Handling capabilities requires the libcap dependency. > > Signed-off-by: Mickaël Salaün > Cc: Alexei Starovoitov > Cc: Daniel Borkmann > Cc: Shuah Khan Acked-by: Alexei Starovoitov you can keep acks when there are no changes to the patch.