Re: [PATCH iproute2-next] ip-vrf: recommend using CAP_BPF rather than CAP_SYS_ADMIN

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Stephen Hemminger <stephen@networkplumber.org>
To: Maximilian Bosch <maximilian@mbosch.me>
Cc: netdev@vger.kernel.org
Subject: Re: [PATCH iproute2-next] ip-vrf: recommend using CAP_BPF rather than CAP_SYS_ADMIN
Date: Mon, 14 Aug 2023 13:44:23 -0700	[thread overview]
Message-ID: <20230814134423.46036cdf@hermes.local> (raw)
In-Reply-To: <e6t4ucjdrcitzneh2imygsaxyb2aasxfn2q2a4zh5yqdx3vold@kutwh5kwixva>

On Wed, 9 Aug 2023 11:26:36 +0200
Maximilian Bosch <maximilian@mbosch.me> wrote:

> -This command also requires to be ran as root or with the CAP_SYS_ADMIN,
> -CAP_NET_ADMIN and CAP_DAC_OVERRIDE capabilities. If built with libcap and if
> -capabilities are added to the ip binary program via setcap, the program will
> -drop them as the first thing when invoked, unless the command is vrf exec.
> +This command also requires to be ran as root or with the CAP_BPF (or
> +CAP_SYS_ADMIN on Linux <5.8), CAP_NET_ADMIN and CAP_DAC_OVERRIDE capabilities.
> +If built with libcap and if capabilities are added to the ip binary program
> +via setcap, the program will drop them as the first thing when invoked,
> +unless the command is vrf exec.

I don't like it when documentation becomes kernel version dependent.
And distro kernels backport all the time. Documentation should cover why
instead of hiding it in comments.

This paragraph is almost unreadable even before the patch. The verb tenses
and wording are not those that would be used by a native English speaker.

next prev parent reply	other threads:[~2023-08-14 20:44 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-08-09  9:26 [PATCH iproute2-next] ip-vrf: recommend using CAP_BPF rather than CAP_SYS_ADMIN Maximilian Bosch
2023-08-14 20:44 ` Stephen Hemminger [this message]
2023-08-22 12:33   ` [PATCH iproute2-next v2] " Maximilian Bosch
2023-08-23 15:10     ` patchwork-bot+netdevbpf

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230814134423.46036cdf@hermes.local \
    --to=stephen@networkplumber.org \
    --cc=maximilian@mbosch.me \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).