grant bpfloader NET_ADMIN capability
This is required for it to be able to create DEVMAP/DEVMAP_HASH maps.
See kernel source code in kernel/bpf/devmap.c:
static struct bpf_map *dev_map_alloc(union bpf_attr *attr) {
...
if (!capable(CAP_NET_ADMIN)) return ERR_PTR(-EPERM);
Test: atest, TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I4f3012209186ff0e4bde8807b9032de056367132
diff --git a/bpfloader/bpfloader.rc b/bpfloader/bpfloader.rc
index 9a9482c..3c56c43 100644
--- a/bpfloader/bpfloader.rc
+++ b/bpfloader/bpfloader.rc
@@ -23,7 +23,7 @@
exec_start bpfloader
service bpfloader /system/bin/bpfloader
- capabilities CHOWN SYS_ADMIN
+ capabilities CHOWN SYS_ADMIN NET_ADMIN
#
# Set RLIMIT_MEMLOCK to 1GiB for bpfloader
#
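Review bot: the `capabilities` line in bpfloader.rc gains NET_ADMIN with no comment in the file saying why. The rationale (dev_map_alloc() in kernel/bpf/devmap.c returns -EPERM without CAP_NET_ADMIN) lives only in the commit message. Suggest adding a `#` comment above the line, in the same style as the RLIMIT_MEMLOCK comment that follows it, for example `# NET_ADMIN is required to create DEVMAP/DEVMAP_HASH maps`. That way a later least-privilege review of this service, which already holds SYS_ADMIN, can tell from the file itself what the capability is for and whether it can be dropped.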