bpf/bpftool: Add unprivileged_bpf_disabled check against value of 2

In [1], we added a kconfig knob that can set
/proc/sys/kernel/unprivileged_bpf_disabled to 2

We now check against this value in bpftool feature probe

[1] https://lore.kernel.org/bpf/74ec548079189e4e4dffaeb42b8987bb3c852eee.1620765074.git.daniel@iogearbox.net

Signed-off-by: Milan Landaverde <milan@mdaverde.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Quentin Monnet <quentin@isovalent.com>
Acked-by: KP Singh <kpsingh@kernel.org>
Link: https://lore.kernel.org/bpf/20220322145012.1315376-1-milan@mdaverde.com

diff --git a/tools/bpf/bpftool/feature.c b/tools/bpf/bpftool/feature.c
index c2f43a5d38e01b925409e2711f14fe86a675bc1a..290998c82de12ea5fa053c11e2a6724a81166e7e 100644 (file)
--- a/tools/bpf/bpftool/feature.c
+++ b/tools/bpf/bpftool/feature.c
@@ -207,7 +207,10 @@ static void probe_unprivileged_disabled(void)
                        printf("bpf() syscall for unprivileged users is enabled\n");
                        break;
                case 1:
-                       printf("bpf() syscall restricted to privileged users\n");
+                       printf("bpf() syscall restricted to privileged users (without recovery)\n");
+                       break;
+               case 2:
+                       printf("bpf() syscall restricted to privileged users (admin can change)\n");
                        break;
                case -1:
                        printf("Unable to retrieve required privileges for bpf() syscall\n");