[Unstable 0/2] set unprivileged_bpf_disabled sysctl default to 2

Thadeu Lima de Souza Cascardo cascardo at canonical.com
Thu May 20 23:14:45 UTC 2021


This set introduces a new value for the unprivileged_bpf_disabled sysctl that
disables unprivileged BPF but allows it to be reenabled. The value 1 disables
it, but does not allow it to be set back to 0.

This has been tested to boot just fine, and BPF was disabled for unprivileged
users but worked for root. It could also be reenabled, and unprivileged
users could then run their code inside the kernel again.

Daniel Borkmann (1):
  bpf: Add kconfig knob for disabling unpriv bpf by default

Thadeu Lima de Souza Cascardo (1):
  UBUNTU: [Config]: set CONFIG_BPF_UNPRIV_DEFAULT_OFF=y

 Documentation/admin-guide/sysctl/kernel.rst | 17 +++++++++---
 debian.master/config/annotations            |  1 +
 debian.master/config/config.common.ubuntu   |  1 +
 init/Kconfig                                | 10 +++++++
 kernel/bpf/syscall.c                        |  3 ++-
 kernel/sysctl.c                             | 29 +++++++++++++++++----
 6 files changed, 52 insertions(+), 9 deletions(-)

-- 
2.30.2
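
A hardening check built on the value semantics described in the message above, as an added example that is not part of the original post or of the kernel patches. The function names and the sample drop-in files are constructed for illustration, and file precedence is simplified to "later argument wins".

```shell
#!/bin/sh
# Added example: audit kernel.unprivileged_bpf_disabled, runtime vs. config files.
# 0 = unprivileged BPF enabled, 1 = disabled and cannot be set back to 0,
# 2 = disabled but can be reenabled (the value this series introduces).

# Print the last value assigned across the given files (later files win).
persistent_value() {
    val=""
    for f in "$@"; do
        if [ -r "$f" ]; then
            v=$(sed -n 's/^[[:space:]]*kernel\.unprivileged_bpf_disabled[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$f" | tail -n 1)
            if [ -n "$v" ]; then val=$v; fi
        fi
    done
    printf '%s\n' "$val"
}

# audit RUNTIME [FILES...]: print one finding; return 0 only if unprivileged
# BPF is off and the runtime value matches what the config files request.
audit() {
    runtime=$1; shift
    want=$(persistent_value "$@")
    case $runtime in
        0) echo "FAIL runtime=0: unprivileged BPF is enabled"; return 1 ;;
        1) state="disabled, cannot be set back to 0" ;;
        2) state="disabled, but root can set it back to 0" ;;
        *) echo "FAIL runtime=$runtime: unexpected value"; return 1 ;;
    esac
    if [ -n "$want" ] && [ "$want" != "$runtime" ]; then
        echo "WARN runtime=$runtime ($state), config requests $want"; return 1
    fi
    echo "OK runtime=$runtime ($state)"
}

# Constructed sample: two drop-in files, the later one overriding the earlier.
demo() {
    d=$(mktemp -d) || return 1
    printf '# constructed sample\nkernel.unprivileged_bpf_disabled = 2\n' > "$d/10-base.conf"
    printf 'kernel.unprivileged_bpf_disabled=1\n' > "$d/99-lock.conf"
    if audit 2 "$d"/*.conf; then rc=0; else rc=$?; fi
    rm -rf "$d"
    return $rc
}

# On a real host (pass the files in the order your system applies them):
#   audit "$(cat /proc/sys/kernel/unprivileged_bpf_disabled)" /etc/sysctl.d/*.conf
demo || true
```

The sample run reports a WARN because the running value is 2 while the later drop-in requests the locked value 1, which is the kind of drift a value that can be flipped at runtime makes worth monitoring.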



