Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

dnsdist: Add the ability to retain select capabilities at runtime #10923

Merged
merged 1 commit into from
Nov 3, 2021

Conversation

rgacogne
Copy link
Member

Short description

This allows retaining the ability to create and use eBPF programs and maps at runtime, even if kernel.unprivileged_bpf_disabled is set, by keeping the CAP_BPF capability. It can be useful to prevent unprivileged programs on the system from loading eBPF while still allowing dnsdist to do so.

Checklist

I have:

  • read the CONTRIBUTING.md document
  • compiled this code
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)

@rgacogne rgacogne added this to the dnsdist-1.7.0-alpha3 milestone Oct 28, 2021
@rgacogne rgacogne merged commit 235b2e4 into PowerDNS:master Nov 3, 2021
@rgacogne rgacogne deleted the ddist-retain-capabilities branch November 3, 2021 14:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

1 participant