Message ID | 20210520231447.427392-1-cascardo@canonical.com |
---|---|
Series | set unprivileged_bpf_disabled sysctl default to 2 |
Acked-by: Tim Gardner <tim.gardner@canonical.com>

Keeps the riffraff from running BPF :)

On 5/20/21 5:14 PM, Thadeu Lima de Souza Cascardo wrote:
> This set introduces a new value for unprivileged_bpf_disabled sysctl, that
> disables unprivileged BPF, but allows it to be reenabled. The value 1 disables
> it, but does not allow it to be set back to 0.
>
> This has been tested to boot just fine and BPF was disabled for unprivileged
> users, but worked for root. It also could be reenabled back, and unprivileged
> users could then run their code inside the kernel again.
>
> Daniel Borkmann (1):
>   bpf: Add kconfig knob for disabling unpriv bpf by default
>
> Thadeu Lima de Souza Cascardo (1):
>   UBUNTU: [Config]: set CONFIG_BPF_UNPRIV_DEFAULT_OFF=y
>
>  Documentation/admin-guide/sysctl/kernel.rst | 17 +++++++++---
>  debian.master/config/annotations            |  1 +
>  debian.master/config/config.common.ubuntu   |  1 +
>  init/Kconfig                                | 10 +++++++
>  kernel/bpf/syscall.c                        |  3 ++-
>  kernel/sysctl.c                             | 29 +++++++++++++++++----
>  6 files changed, 52 insertions(+), 9 deletions(-)
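An added example, not part of this thread or the patch series: a shell audit that maps the sysctl values described in the cover letter to a state and flags sysctl configuration that sets the value back to 0. The function names, verdict wording and sample drop-in files are assumptions of the example, and config precedence is simplified to "files in the order given".

```shell
#!/bin/sh
# Added example (not from the patch series): audit kernel.unprivileged_bpf_disabled.

# Meaning of each value, as described in the cover letter.
bpf_unpriv_state() {
    case "$1" in
        0) echo enabled ;;
        1) echo disabled-locked ;;      # cannot be set back to 0
        2) echo disabled-reversible ;;  # disabled, but can be re-enabled
        *) echo unknown ;;
    esac
}

# Print the last value assigned to the sysctl in the given config files.
# Assumption: the caller passes files in precedence order (later wins); this
# simplifies how the sysctl.d directories are really merged.
bpf_unpriv_configured() {
    for f in "$@"; do
        if [ -r "$f" ]; then cat "$f"; fi
    done | sed -n 's|^[[:space:]]*-\{0,1\}kernel[./]unprivileged_bpf_disabled[[:space:]]*=[[:space:]]*\([0-9]\{1,\}\)[[:space:]]*$|\1|p' | tail -n 1
}

# Combine the runtime value ($1) with the configured value (remaining
# arguments are config files) into a single verdict line.
bpf_unpriv_audit() {
    runtime=$1; shift
    cfg=$(bpf_unpriv_configured "$@")
    state=$(bpf_unpriv_state "$runtime")
    if [ "$cfg" = 0 ]; then
        echo "FAIL runtime=$state config=0 (boot config re-enables unprivileged BPF)"
    elif [ "$runtime" = 0 ]; then
        echo "FAIL runtime=$state config=${cfg:-unset}"
    elif [ "$runtime" = 2 ]; then
        echo "WARN runtime=$state config=${cfg:-unset} (watch for writes of 0)"
    elif [ "$runtime" = 1 ]; then
        echo "OK runtime=$state config=${cfg:-unset}"
    else
        echo "UNKNOWN runtime=$runtime config=${cfg:-unset}"
    fi
}

# Constructed sample: a later drop-in turns unprivileged BPF back on.
bpf_unpriv_demo() {
    d=$(mktemp -d)
    printf '# constructed sample\nkernel.unprivileged_bpf_disabled = 2\n' > "$d/10-default.conf"
    printf '; constructed sample\n-kernel/unprivileged_bpf_disabled=0\n' > "$d/99-local.conf"
    bpf_unpriv_audit 2 "$d/10-default.conf" "$d/99-local.conf"
    rm -rf "$d"
}
bpf_unpriv_demo
```

On a live system the runtime value comes from `/proc/sys/kernel/unprivileged_bpf_disabled`, passed as the first argument to `bpf_unpriv_audit`.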