
Fix sysctl_unprivileged_bpf_disabled sysctl

Jiri Olsa requested to merge jolsa1/kernel-ark:bpf_unpriv into os-build
There's a recent change [1] that adds a new config option and sets
unprivileged_bpf_disabled to 2 if the option is enabled
(CONFIG_BPF_UNPRIV_DEFAULT_OFF).

The current RHEL-specific behaviour is to set unprivileged_bpf_disabled
to 1 by default and add a boot command line argument to enable
unpriv bpf.

The config option is enabled in the previous patch, adding the taint
for proc/sysctl unprivileged_bpf_disabled setup.

  # sysctl kernel.unprivileged_bpf_disabled
  kernel.unprivileged_bpf_disabled = 2
  # cat /proc/sys/kernel/tainted
  0
  # sysctl kernel.unprivileged_bpf_disabled=0
  [   45.751085] Unprivileged BPF has been enabled, tainting the kernel
  kernel.unprivileged_bpf_disabled = 0
  # sysctl kernel.unprivileged_bpf_disabled=1
  kernel.unprivileged_bpf_disabled = 1
  # sysctl kernel.unprivileged_bpf_disabled=0
  sysctl: setting key "kernel.unprivileged_bpf_disabled": Operation not permitted
  # sysctl kernel.unprivileged_bpf_disabled=2
  sysctl: setting key "kernel.unprivileged_bpf_disabled": Operation not permitted
  # cat /proc/sys/kernel/tainted
  2147483648

[1] 08389d888287 ("bpf: Add kconfig knob for disabling unpriv bpf by default")
[2] 607f0e89af7e ("bpf: set unprivileged_bpf_disabled to 1 by default, add a boot parameter")

Fixes: 607f0e89af7e ("bpf: set unprivileged_bpf_disabled to 1 by default, add a boot parameter")
Signed-off-by: Jiri Olsa <jolsa@redhat.com>

Signed-off-by: Jiri Olsa jolsa@redhat.com
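
An added example, not part of the merge request or the kernel tree: a shell audit helper that classifies a host from the two values the session above reads, the sysctl and the taint mask. It assumes the unprivileged-BPF taint is bit 31, inferred from the 2147483648 shown above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the merge request).
# Assumption: the unprivileged-BPF taint flag is bit 31, inferred from the
# 2147483648 value of /proc/sys/kernel/tainted in the session above.
BPF_TAINT_BIT=31

# bpf_posture SYSCTL_VALUE TAINT_MASK  ->  prints "<state> <history>"
bpf_posture() {
    val=$1
    taint=$2
    case $val in
        0) state=enabled ;;
        1) state=disabled-locked ;;      # later writes of 0 or 2 are refused
        2) state=disabled-changeable ;;  # root can still write 0 or 1
        *) echo "unknown sysctl value: $val" >&2; return 2 ;;
    esac
    # The taint stays set after the sysctl is switched back to 1, so it
    # records that unprivileged BPF was enabled at some point in this boot.
    if [ $(( ($taint >> BPF_TAINT_BIT) & 1 )) -eq 1 ]; then
        hist=tainted
    else
        hist=clean
    fi
    echo "$state $hist"
}

# bpf_finding SYSCTL_VALUE TAINT_MASK  ->  prints one audit finding line
bpf_finding() {
    case $(bpf_posture "$1" "$2") in
        "enabled "*)
            echo "FAIL: unprivileged BPF is currently enabled" ;;
        *" tainted")
            echo "WARN: unprivileged BPF is off now but was enabled earlier in this boot" ;;
        "disabled-changeable clean")
            echo "OK: off, but root can re-enable it without a reboot" ;;
        "disabled-locked clean")
            echo "OK: off and locked" ;;
        *)
            echo "ERROR: could not classify state"; return 2 ;;
    esac
}

# Live check on a real host: run the script with --live.
if [ "${1:-}" = "--live" ]; then
    bpf_finding "$(cat /proc/sys/kernel/unprivileged_bpf_disabled)" \
                "$(cat /proc/sys/kernel/tainted)"
fi
```

The WARN case is the end state of the session above: the sysctl reads 1, yet the taint still shows that unprivileged BPF was switched on earlier.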
