bpftool: Use appropriate permissions for map access

Modify several functions in tools/bpf/bpftool/common.c to allow specification of requested access for file descriptors, such as read-only access. Update bpftool to request only read access for maps when write access is not required. This fixes errors when reading from maps that are protected from modification via security_bpf_map. Signed-off-by: Slava Imameev <slava.imameev@crowdstrike.com> Reviewed-by: Quentin Monnet <qmo@kernel.org> Link: https://lore.kernel.org/r/20250620151812.13952-1-slava.imameev@crowdstrike.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
author: Slava Imameev <slava.imameev@crowdstrike.com> 2025-06-21 01:18:11 +1000
committer: Alexei Starovoitov <ast@kernel.org> 2025-06-20 11:13:03 -0700
commit: d32179e8c2583f1613f7bc9710612091c3c038d8 (patch)
tree: d14c74e2fe0292ada1a1f872b7177779cf9ac2c5 /tools/bpf/bpftool/prog.c
parent: e30329b8a6476eed87460e73a29ecd718ec981e1 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/tools/bpf/bpftool/prog.c b/tools/bpf/bpftool/prog.c
index 96eea8a67225..deeaa5c1ed7d 100644
--- a/tools/bpf/bpftool/prog.c
+++ b/tools/bpf/bpftool/prog.c
@@ -1062,7 +1062,7 @@ static int parse_attach_detach_args(int argc, char **argv, int *progfd,
 	if (!REQ_ARGS(2))
 		return -EINVAL;
 
-	*mapfd = map_parse_fd(&argc, &argv);
+	*mapfd = map_parse_fd(&argc, &argv, 0);
 	if (*mapfd < 0)
 		return *mapfd;
 
@@ -1608,7 +1608,7 @@ static int load_with_options(int argc, char **argv, bool first_prog_only)
 			}
 			NEXT_ARG();
 
-			fd = map_parse_fd(&argc, &argv);
+			fd = map_parse_fd(&argc, &argv, 0);
 			if (fd < 0)
 				goto err_free_reuse_maps;
author	Slava Imameev <slava.imameev@crowdstrike.com>	2025-06-21 01:18:11 +1000
committer	Alexei Starovoitov <ast@kernel.org>	2025-06-20 11:13:03 -0700
commit	d32179e8c2583f1613f7bc9710612091c3c038d8 (patch)
tree	d14c74e2fe0292ada1a1f872b7177779cf9ac2c5 /tools/bpf/bpftool/prog.c
parent	e30329b8a6476eed87460e73a29ecd718ec981e1 (diff)