[redhat] New configs in kernel/bpf (!1160) · Merge requests · cki-project / kernel-ark

CKI Gitlab requested to merge configs/2021-05-27/kernel/bpf into os-build May 27, 2021

Hi,

As part of the ongoing rebase effort, the following configuration options need to be reviewed.

As a reminder, the ARK configuration flow involves moving unreviewed configuration options from the pending directory to the ark directory. In the diff below, options are removed from the pending directory and added to the ark hierarchy. The final options that need to be ACKed are the files that are being added to the ark hierarchy.

If the value for a file that is added should be changed, please reply with a better option.

CONFIG_BPF_UNPRIV_DEFAULT_OFF:

Disables unprivileged BPF by default by setting the corresponding /proc/sys/kernel/unprivileged_bpf_disabled knob to 2. An admin can still reenable it by setting it to 0 later on, or permanently disable it by setting it to 1 (from which no other transition to 0 is possible anymore).

Symbol: BPF_UNPRIV_DEFAULT_OFF [=n] Type : bool Defined at kernel/bpf/Kconfig:65 Prompt: Disable unprivileged BPF by default Depends on: BPF_SYSCALL [=y] Location: -> General setup -> BPF subsystem

Signed-off-by: Fedora Kernel Team kernel-team@fedoraproject.org

[redhat] New configs in kernel/bpf

Merge request reports