#include <linux/kexec.h>
#include <linux/bpf.h>
#include <linux/mount.h>
+#include <linux/efi.h>
#include <linux/uaccess.h>
#include <asm/processor.h>
extern char core_pattern[];
extern unsigned int core_pipe_limit;
#endif
+#ifdef CONFIG_USER_NS
+extern int unprivileged_userns_clone;
+#endif
extern int pid_max;
extern int pid_max_min, pid_max_max;
extern int percpu_pagelist_fraction;
static int max_extfrag_threshold = 1000;
#endif
+static unsigned int secure_boot_enabled;
+int secure_boot_proc_handler(struct ctl_table *table, int write,
+ void __user *buffer, size_t *lenp, loff_t *ppos)
+{
+ secure_boot_enabled = efi_enabled(EFI_SECURE_BOOT);
+ return proc_dointvec(table, write, buffer, lenp, ppos);
+}
+
+static unsigned int moksbstate_disabled;
+int moksbstate_disabled_proc_handler(struct ctl_table *table, int write,
+ void __user *buffer, size_t *lenp, loff_t *ppos)
+{
+ moksbstate_disabled = efi_enabled(EFI_MOKSBSTATE_DISABLED);
+ return proc_dointvec(table, write, buffer, lenp, ppos);
+}
+
static struct ctl_table kern_table[] = {
+ {
+ .procname = "secure_boot",
+ .data = &secure_boot_enabled,
+ .maxlen = sizeof(unsigned int),
+ .mode = 0444,
+ .proc_handler = secure_boot_proc_handler,
+ },
+ {
+ .procname = "moksbstate_disabled",
+ .data = &moksbstate_disabled,
+ .maxlen = sizeof(unsigned int),
+ .mode = 0444,
+ .proc_handler = moksbstate_disabled_proc_handler,
+ },
{
.procname = "sched_child_runs_first",
.data = &sysctl_sched_child_runs_first,
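Review bot: `secure_boot_proc_handler` and `moksbstate_disabled_proc_handler` forward `write` straight to `proc_dointvec`, so `.mode = 0444` in the two table entries is the only thing keeping these firmware-state values read-only. An explicit `if (write) return -EPERM;` as the first statement of each handler would keep that true even if the mode is changed later. The backing variables are `unsigned int` while `proc_dointvec` operates on `int`; that is harmless for 0/1, but `proc_douintvec`, if this tree provides it, matches the declared type. Both handlers could also be `static`, since as far as this diff shows only `kern_table` references them.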
.proc_handler = proc_dointvec,
},
#endif
+#ifdef CONFIG_USER_NS
+ {
+ .procname = "unprivileged_userns_clone",
+ .data = &unprivileged_userns_clone,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec,
+ },
+#endif
#ifdef CONFIG_PROC_SYSCTL
{
.procname = "tainted",
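Review bot: The `unprivileged_userns_clone` entry accepts any integer through `proc_dointvec`, so negative or large values can be stored in what reads as an on/off hardening switch. How such values are interpreted depends on the check at the point of use, which is outside this diff. Switching to `.proc_handler = proc_dointvec_minmax` with `.extra1`/`.extra2` pointing at whichever 0 and 1 bound variables this file already defines would make the accepted range explicit. A short comment above the entry stating which value permits unprivileged user-namespace creation, and what the default is, would also help, since neither is visible here.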
break;
if (neg)
continue;
+ val = convmul * val / convdiv;
if ((min && val < *min) || (max && val > *max))
continue;
*i = val;
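Review bot: The added scaling `val = convmul * val / convdiv;` runs before the range test, and the product can wrap for a large user-written value, so a wrapped result may land inside `[*min, *max]` and be stored through `*i`. A guard ahead of the multiplication, e.g. `if (convmul && val > ULONG_MAX / convmul) continue;`, would skip such input the same way out-of-range values are already skipped. This assumes `val` and `convmul` are `unsigned long`; their declarations are outside the hunk, as are the start and end of the enclosing function.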