ACK: [Unstable v2 0/2] set unprivileged_bpf_disabled sysctl default to 2
Krzysztof Kozlowski
krzysztof.kozlowski at canonical.com
Mon May 31 10:10:49 UTC 2021
On 28/05/2021 16:32, Thadeu Lima de Souza Cascardo wrote:
> This set introduces a new value for unprivileged_bpf_disabled sysctl, that
> disables unprivileged BPF, but allows it to be reenabled. The value 1 disables
> it, but does not allow it to be set back to 0.
>
> This has been tested to boot just fine and BPF was disabled for unprivileged
> users, but worked for root. It also could be reenabled back, and unprivileged
> users could then run their code inside the kernel again.
>
> v2:
> change tabs to spaces in annotations file
>
> Daniel Borkmann (1):
> bpf: Add kconfig knob for disabling unpriv bpf by default
>
Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski at canonical.com>
Best regards,
Krzysztof
More information about the kernel-team
mailing list