Add support for CAP_BPF and CAP_PERFMON privileges (#4259)

Co-authored-by: Stefan Agner <stefan@agner.ch>
Felipe Santos 2023-05-21 10:19:05 -03:00 committed by GitHub
parent b5233cd398
commit 88d25fc14e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 3 deletions


@ -44,13 +44,15 @@ def rating_security(addon: AddonModel) -> int:
any(
privilege in addon.privileged
for privilege in (
Capabilities.BPF,
Capabilities.DAC_READ_SEARCH,
Capabilities.NET_ADMIN,
Capabilities.NET_RAW,
Capabilities.PERFMON,
Capabilities.SYS_ADMIN,
Capabilities.SYS_RAWIO,
Capabilities.SYS_PTRACE,
Capabilities.SYS_MODULE,
Capabilities.DAC_READ_SEARCH,
Capabilities.SYS_PTRACE,
Capabilities.SYS_RAWIO,
)
)
or addon.with_kernel_modules
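Review bot: The tuple inside `any(...)` is a hand-maintained list of the capabilities that lower an add-on's rating, and nothing visible in this hunk ties it to the `Capabilities` enum, so a member added to the enum later and forgotten here would leave the rating unchanged without any warning. A short comment above the tuple would record why the two new entries belong there, e.g. `# CAP_BPF and CAP_PERFMON were split out of CAP_SYS_ADMIN (Linux 5.8); rate them like SYS_ADMIN`. Hoisting the tuple to a module-level constant would also let a unit test assert that every `Capabilities` member is either listed or explicitly exempted. `rating_security` starts and ends outside this hunk, so the size of the penalty applied by this branch is not visible here.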


@ -5,10 +5,12 @@ from enum import Enum
class Capabilities(str, Enum):
"""Linux Capabilities."""
BPF = "BPF"
DAC_READ_SEARCH = "DAC_READ_SEARCH"
IPC_LOCK = "IPC_LOCK"
NET_ADMIN = "NET_ADMIN"
NET_RAW = "NET_RAW"
PERFMON = "PERFMON"
SYS_ADMIN = "SYS_ADMIN"
SYS_MODULE = "SYS_MODULE"
SYS_NICE = "SYS_NICE"