This patch fixes the false alarms from security system such as selinux when doing the capability check. The problem exists since the sysctl_unprivileged_bpf_disabled is added in linux 4.4. So I suggest to backport this patch to all LTS stable branches starting from linux-4.4-y.
0fa4fe85f4724fff89b09741c437cbee9cf8b008 bpf: skip unnecessary
capability check
- bpf stable request Chenbo Feng
- Re: bpf stable request Daniel Borkmann