[v2] bpf: lirc program type should not require SYS_CAP_ADMIN
Commit Message
Make it possible to load lirc program type with just CAP_BPF. There is
nothing exceptional about lirc programs that means they require
SYS_CAP_ADMIN.
In order to attach or detach a lirc program type you need permission to
open /dev/lirc0; if you have permission to do that, you can alter all
sorts of lirc receiving options. Changing the IR protocol decoder is no
different.
Right now on a typical distribution /dev/lirc devices are only
read/write by root. Ideally we would make them group read/write like
other devices so that local users can use them without becoming root.
Signed-off-by: Sean Young <sean@mess.org>
---
kernel/bpf/syscall.c | 1 -
1 file changed, 1 deletion(-)
v2: improved commit message
Comments
Hello:
This patch was applied to bpf/bpf-next.git (master)
by Alexei Starovoitov <ast@kernel.org>:
On Mon, 17 Apr 2023 09:17:48 +0100 you wrote:
> Make it possible to load lirc program type with just CAP_BPF. There is
> nothing exceptional about lirc programs that means they require
> SYS_CAP_ADMIN.
>
> In order to attach or detach a lirc program type you need permission to
> open /dev/lirc0; if you have permission to do that, you can alter all
> sorts of lirc receiving options. Changing the IR protocol decoder is no
> different.
>
> [...]
Here is the summary with links:
- [v2] bpf: lirc program type should not require SYS_CAP_ADMIN
https://git.kernel.org/bpf/bpf-next/c/69a8c792cd95
You are awesome, thank you!
@@ -2463,7 +2463,6 @@ static bool is_net_admin_prog_type(enum bpf_prog_type prog_type)
case BPF_PROG_TYPE_LWT_SEG6LOCAL:
case BPF_PROG_TYPE_SK_SKB:
case BPF_PROG_TYPE_SK_MSG:
- case BPF_PROG_TYPE_LIRC_MODE2:
case BPF_PROG_TYPE_FLOW_DISSECTOR:
case BPF_PROG_TYPE_CGROUP_DEVICE:
case BPF_PROG_TYPE_CGROUP_SOCK: