xref: /aosp_15_r20/external/libcap/doc/values/39.txt (revision 2810ac1b38eead2603277920c78344c84ddf3aff)
Allows a process to manipulate aspects of the kernel
enhanced Berkeley Packet Filter (BPF) system. This is
an execution subsystem of the kernel that manages BPF
programs. CAP_BPF permits a process to:
  - create all types of BPF maps
  - use advanced verifier features:
    - indirect variable access
    - bounded loops
    - BPF to BPF function calls
    - scalar precision tracking
    - larger complexity limits
    - dead code elimination
    - potentially other features

Other capabilities can be used together with CAP_BPF to
further manipulate the BPF system:
  - CAP_PERFMON relaxes the verifier checks as follows:
    - BPF programs can use pointer-to-integer
      conversions
    - speculation attack hardening measures can be
      bypassed
    - bpf_probe_read to read arbitrary kernel memory is
      permitted
    - bpf_trace_printk to print the content of kernel
      memory is permitted
  - CAP_SYS_ADMIN permits the following:
    - use of bpf_probe_write_user
    - iteration over the system-wide loaded programs,
      maps, links and BTFs, and conversion of their IDs
      to file descriptors
  - CAP_PERFMON is required to load tracing programs.
  - CAP_NET_ADMIN is required to load networking
    programs.
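
The following is an added example (not part of libcap or this file) showing how a program can check, before touching the BPF subsystem, whether its effective capabilities satisfy the combinations described above. It assumes Linux with capget(2) and the capability numbers from <linux/capability.h> (CAP_NET_ADMIN = 12, CAP_SYS_ADMIN = 21, CAP_PERFMON = 38, CAP_BPF = 39); the bpf_kind grouping is hypothetical, and the CAP_SYS_ADMIN fallback reflects kernel behaviour that this file does not state.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/capability.h>

/* Capability numbers as defined in <linux/capability.h>; 39 is CAP_BPF. */
enum { CAPNO_NET_ADMIN = 12, CAPNO_SYS_ADMIN = 21, CAPNO_PERFMON = 38, CAPNO_BPF = 39 };

/* Hypothetical classes of BPF operation, grouped by the rules in this file. */
enum bpf_kind { BPF_KIND_MAPS, BPF_KIND_TRACING, BPF_KIND_NETWORKING, BPF_KIND_ENUMERATE };

static bool has_cap(uint64_t effective, int capno) { return (effective >> capno) & 1u; }

/* Effective capability bitmask of the calling process via capget(2).
 * Bits >= 32 (CAP_PERFMON, CAP_BPF) live in the second data word. */
uint64_t effective_caps(void) {
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2] = { { 0 }, { 0 } };
    if (syscall(SYS_capget, &hdr, data) != 0)
        return 0;
    return (uint64_t)data[0].effective | ((uint64_t)data[1].effective << 32);
}

/* Decide whether a process holding `effective` may perform `kind`.
 * CAP_SYS_ADMIN keeps full BPF access for backwards compatibility;
 * that fallback is kernel behaviour, not stated in this file. */
bool bpf_operation_permitted(uint64_t effective, enum bpf_kind kind) {
    bool sysadmin = has_cap(effective, CAPNO_SYS_ADMIN);
    bool bpf = has_cap(effective, CAPNO_BPF) || sysadmin;
    switch (kind) {
    case BPF_KIND_MAPS:       return bpf;
    case BPF_KIND_TRACING:    return bpf && (has_cap(effective, CAPNO_PERFMON) || sysadmin);
    case BPF_KIND_NETWORKING: return bpf && (has_cap(effective, CAPNO_NET_ADMIN) || sysadmin);
    case BPF_KIND_ENUMERATE:  return sysadmin;
    }
    return false;
}

int main(void) {
    uint64_t eff = effective_caps();
    static const char *names[] = { "create maps", "load tracing programs",
                                   "load networking programs", "enumerate all loaded objects" };
    for (int k = 0; k < 4; k++)
        printf("%-28s %s\n", names[k], bpf_operation_permitted(eff, (enum bpf_kind)k) ? "yes" : "no");
    return 0;
}
```

Run as an unprivileged user every line reads "no"; grant only the capabilities a given tool needs and re-run to confirm the least-privilege set is sufficient.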
34