    libbpf: Fix the case of running as non-root with capabilities · 6a4ab886
    Jon Doron authored
    When running rootless with special capabilities like:
    FOWNER / DAC_OVERRIDE / DAC_READ_SEARCH
    
    The "access" API will not make the proper check if there is really
    access to a file or not.
    
    From the access man page:
    "
    The check is done using the calling process's real UID and GID, rather
    than the effective IDs as is done when actually attempting an operation
    (e.g., open(2)) on the file.  Similarly, for the root user, the check
    uses the set of permitted capabilities rather than the set of effective
    capabilities; ***and for non-root users, the check uses an empty set of
    capabilities.***
    "
    
    What that means is that for a non-root user the access API will not do the
    proper validation if the process really has permission to a file or not.
    
    To resolve this, this patch replaces all the access API calls with
    faccessat with AT_EACCESS flag.
    Signed-off-by: Jon Doron <jond@wiz.io>
    Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
    Link: https://lore.kernel.org/bpf/20220925070431.1313680-1-arilou@gmail.com
libbpf.c 326 KB
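
The difference the commit message describes can be observed by probing one path with access(2), with faccessat(2) plus AT_EACCESS, and with an actual open(2). This is an added example, not code from libbpf or from the patch; `read_probe`, `probe_read`, `make_scratch` and the /tmp scratch path are hypothetical names chosen for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper type (not from libbpf): one path probed three ways. */
struct read_probe {
    int access_ok;  /* access(2): real UID/GID; empty capability set if non-root */
    int eaccess_ok; /* faccessat(2) with AT_EACCESS: effective IDs */
    int open_ok;    /* ground truth: did open(2) for reading succeed? */
};

static struct read_probe probe_read(const char *path)
{
    struct read_probe r;
    r.access_ok = access(path, R_OK) == 0;
    r.eaccess_ok = faccessat(AT_FDCWD, path, R_OK, AT_EACCESS) == 0;
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    r.open_ok = fd >= 0;
    if (fd >= 0)
        close(fd);
    return r;
}

/* Constructed sample input: an empty scratch file, mode 0600 via mkstemp(3). */
static int make_scratch(char *tmpl)
{
    int fd = mkstemp(tmpl);
    return fd < 0 ? -1 : close(fd);
}

int main(int argc, char **argv)
{
    char tmpl[] = "/tmp/eaccess-demo-XXXXXX";
    const char *path = argc > 1 ? argv[1] : tmpl;
    struct read_probe r;
    if (argc < 2 && make_scratch(tmpl) != 0)
        return 1;
    r = probe_read(path);
    printf("%s: access=%d faccessat(AT_EACCESS)=%d open=%d\n",
           path, r.access_ok, r.eaccess_ok, r.open_ok);
    if (argc < 2)
        unlink(tmpl);
    return r.eaccess_ok == r.open_ok ? 0 : 2;
}
```

Run as a non-root user holding CAP_DAC_READ_SEARCH or CAP_DAC_OVERRIDE against a file the user's mode bits do not allow, the first column is the one that disagrees with open. glibc 2.32 and earlier emulate AT_EACCESS in userspace rather than calling faccessat2(2), so results there can still differ from the kernel's own check.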