Message ID | 20200619124833.633575-2-seth.forshee@canonical.com |
---|---|
State | New |
Headers | show |
Series | Lockdown updates | expand |
diff --git a/drivers/firmware/efi/test/efi_test.c b/drivers/firmware/efi/test/efi_test.c index 41c48a1e8baa..cfc6ac5ed34e 100644 --- a/drivers/firmware/efi/test/efi_test.c +++ b/drivers/firmware/efi/test/efi_test.c @@ -689,6 +689,13 @@ static long efi_test_ioctl(struct file *file, unsigned int cmd, static int efi_test_open(struct inode *inode, struct file *file) { + bool locked_down = kernel_is_locked_down("/dev/efi_test access"); + + if (locked_down) + return -EPERM; + + if (!capable(CAP_SYS_ADMIN)) + return -EACCES; /* * nothing special to do here * We do accept multiple open files at the same time as we