prog.go: cache BTF for CAP_SYS_ADMIN-less freplace #2011
Merged
dylandreimerink (Member) requested changes, May 18, 2026:
I like this PR, all makes sense to me. Just got two minor comments.
Before the change, performing freplace with cilium/ebpf required CAP_SYS_ADMIN.

The subprogram to replace is specified via AttachTarget (*Program) and AttachTo (string) in the replacement ProgramSpec. Since the kernel expects a BTF type ID of the subprogram to replace, the library has to resolve the AttachTo string. It needs BTF of the AttachTarget. To obtain BTF from the kernel CAP_SYS_ADMIN is needed.

Extend Program with btf (*btf.Handle). It is populated for Program-s loaded by the library. Program's .Handle() leverages the cached BTF transparently, enabling CAP_SYS_ADMIN-less freplace.

Add SetHandle method to Program to cover program references obtained via NewProgramFromFD(), and LoadPinnedProgram(). The intended usage is as follows:

* a CAP_SYS_ADMIN-less user obtains a program reference and the corresponding BTF (e.g. both from a pin);
* calls .SetHandle() on the Program;
* freplace succeeds with the Program as AttachTarget.

Signed-off-by: Nick Zavaritsky <mejedi@gmail.com>
e5fbf6d to 429ca76
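A check that a loader process really runs without CAP_SYS_ADMIN before relying on the CAP_SYS_ADMIN-less freplace path described in the commit message. This is an added example, not code from the PR or from cilium/ebpf; the function name sysAdminState and the sample status text are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

const capSysAdmin = 21 // bit index of CAP_SYS_ADMIN in Linux capability masks

// Constructed /proc/<pid>/status excerpt (not from a real host): CAP_SYS_ADMIN
// is cleared in CapEff but still present in CapPrm and CapBnd.
const sampleStatus = "CapPrm:\t000000c000201000\n" +
	"CapEff:\t000000c000001000\n" +
	"CapBnd:\t000001ffffffffff\n"

// sysAdminState (hypothetical helper) reads the CapEff and CapPrm lines of a
// /proc/<pid>/status dump and returns "held" if CAP_SYS_ADMIN is effective,
// "raisable" if it is only permitted (the process can re-enable it with
// capset(2)), and "absent" if neither set contains it.
func sysAdminState(status string) (string, error) {
	state := "absent"
	sc := bufio.NewScanner(strings.NewReader(status))
	for sc.Scan() {
		name, value, ok := strings.Cut(sc.Text(), ":")
		if !ok || (name != "CapEff" && name != "CapPrm") {
			continue // other sets and unrelated fields are ignored
		}
		mask, err := strconv.ParseUint(strings.TrimSpace(value), 16, 64)
		if err != nil {
			return "", fmt.Errorf("parse %s: %w", name, err)
		}
		switch {
		case mask&(1<<capSysAdmin) == 0: // capability not in this set
		case name == "CapEff":
			state = "held"
		case state != "held":
			state = "raisable"
		}
	}
	return state, sc.Err()
}

func main() {
	state, err := sysAdminState(sampleStatus)
	fmt.Println(state, err)
}
```

A result of "raisable" means the process is not yet CAP_SYS_ADMIN-less in practice: the capability has to be dropped from the permitted set as well.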
dylandreimerink (Member) approved these changes, May 22, 2026:
Thank you for the changes, this seems good to me!