ACK: [Unstable 0/2] set unprivileged_bpf_disabled sysctl default to 2
Tim Gardner
tim.gardner at canonical.com
Fri May 21 11:28:21 UTC 2021
Acked-by: Tim Gardner <tim.gardner at canonical.com>
Keeps the riffraff from running BPF :)
On 5/20/21 5:14 PM, Thadeu Lima de Souza Cascardo wrote:
> This set introduces a new value for unprivileged_bpf_disabled sysctl, that
> disables unprivileged BPF, but allows it to be reenabled. The value 1 disables
> it, but does not allow it to be set back to 0.
>
> This has been tested to boot just fine and BPF was disabled for unprivileged
> users, but worked for root. It also could be reenabled back, and unprivileged
> users could then run their code inside the kernel again.
>
> Daniel Borkmann (1):
>   bpf: Add kconfig knob for disabling unpriv bpf by default
>
> Thadeu Lima de Souza Cascardo (1):
>   UBUNTU: [Config]: set CONFIG_BPF_UNPRIV_DEFAULT_OFF=y
>
>  Documentation/admin-guide/sysctl/kernel.rst | 17 +++++++++---
>  debian.master/config/annotations            |  1 +
>  debian.master/config/config.common.ubuntu   |  1 +
>  init/Kconfig                                | 10 +++++++
>  kernel/bpf/syscall.c                        |  3 ++-
>  kernel/sysctl.c                             | 29 +++++++++++++++++----
>  6 files changed, 52 insertions(+), 9 deletions(-)
>
--
-----------
Tim Gardner
Canonical, Inc
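
The three sysctl values described in the quoted cover letter, as an added audit example that is not part of the original thread or of the patches it discusses. The function names are hypothetical, and the config scan assumes a single directory read in lexical order with the last assignment winning, which is simpler than real sysctl.d precedence.

```shell
#!/bin/sh
KEY=kernel.unprivileged_bpf_disabled

# Map a sysctl value to the state described in the cover letter.
bpf_unpriv_state() {
    case "$1" in
        0) echo "enabled" ;;
        1) echo "disabled-locked" ;;
        2) echo "disabled-reenable-allowed" ;;
        *) echo "unknown" ;;
    esac
}

# Would a privileged write of NEW succeed when the running value is CUR?
# 1 is sticky until reboot (the upstream handler refuses any change away
# from 1); 2 may be set back to 0.
write_allowed() {
    cur=$1 new=$2
    case "$new" in 0|1|2) ;; *) return 1 ;; esac
    [ "$cur" != 1 ] || [ "$new" = 1 ]
}

# Last value assigned to KEY across DIR/*.conf, read in lexical order.
# Assumption: one directory, last assignment wins (simplified precedence).
persistent_value() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        cat "$f"; echo
    done | awk -F= -v want="$KEY" '
        /^[ \t]*[#;]/ { next }
        { key = $1; gsub(/[ \t]/, "", key); sub(/^-/, "", key); gsub("/", ".", key)
          if (key == want) { val = $2; gsub(/[ \t]/, "", val); last = val } }
        END { if (last != "") print last }'
}

# Succeeds only if unprivileged BPF is off now and no config file turns it on at boot.
audit() {
    boot=$(persistent_value "$2")
    echo "runtime: $1 ($(bpf_unpriv_state "$1")), persistent: ${boot:-unset}"
    if [ "$boot" = 0 ]; then echo "WARN: config sets $KEY=0 at boot"; return 1; fi
    [ "$1" != 0 ]
}

# Run against the live system when the sysctl exists.
p=/proc/sys/kernel/unprivileged_bpf_disabled
if [ -r "$p" ]; then audit "$(cat "$p")" /etc/sysctl.d || true; fi
```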