NAK: [Unstable 2/2] UBUNTU: [Config]: set CONFIG_BPF_UNPRIV_DEFAULT_OFF=y
Krzysztof Kozlowski
krzysztof.kozlowski at canonical.com
Fri May 21 14:43:56 UTC 2021
On 20/05/2021 19:25, Thadeu Lima de Souza Cascardo wrote:
> This option will disable uprivileged BPF by default. It can be reenabled,
> though, as it uses the new value 2 for the kernel.unprivileged_bpf_disabled
> sysctl. That value disables it, but allows the sysctl knob to be set back
> to 0.
>
> This allows sysadmins to enable unprivileged BPF back by using sysctl
> config files.
>
> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo at canonical.com>
> ---
> debian.master/config/annotations | 1 +
> debian.master/config/config.common.ubuntu | 1 +
> 2 files changed, 2 insertions(+)
>
> diff --git a/debian.master/config/annotations b/debian.master/config/annotations
> index 03e3dacba02d..c17263c2542f 100644
> --- a/debian.master/config/annotations
> +++ b/debian.master/config/annotations
> @@ -11023,6 +11023,7 @@ CONFIG_LD_DEAD_CODE_DATA_ELIMINATION policy<{'ppc64el': 'n'}>
> CONFIG_BPF_LSM policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 's390x': 'y'}>
> CONFIG_BPF_SYSCALL policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 's390x': 'y'}>
> CONFIG_BPF_JIT_ALWAYS_ON policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 's390x': 'y'}>
> +CONFIG_BPF_UNPRIV_DEFAULT_OFF policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 's390x': 'y'}>
Spaces instead of tabs.
> CONFIG_USERFAULTFD policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 's390x': 'y'}>
> CONFIG_EMBEDDED policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 's390x': 'n'}>
> CONFIG_COMPAT_BRK policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 's390x': 'n'}>
x
Best regards,
Krzysztof
More information about the kernel-team
mailing list