]> git.proxmox.com Git - mirror_ubuntu-kernels.git/commitdiff
bpf/bpftool: Add unprivileged_bpf_disabled check against value of 2
authorMilan Landaverde <milan@mdaverde.com>
Tue, 22 Mar 2022 14:49:45 +0000 (10:49 -0400)
committerAlexei Starovoitov <ast@kernel.org>
Tue, 29 Mar 2022 02:01:54 +0000 (19:01 -0700)
In [1], we added a kconfig knob that can set
/proc/sys/kernel/unprivileged_bpf_disabled to 2

We now check against this value in bpftool feature probe

[1] https://lore.kernel.org/bpf/74ec548079189e4e4dffaeb42b8987bb3c852eee.1620765074.git.daniel@iogearbox.net

Signed-off-by: Milan Landaverde <milan@mdaverde.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Quentin Monnet <quentin@isovalent.com>
Acked-by: KP Singh <kpsingh@kernel.org>
Link: https://lore.kernel.org/bpf/20220322145012.1315376-1-milan@mdaverde.com
tools/bpf/bpftool/feature.c

index c2f43a5d38e01b925409e2711f14fe86a675bc1a..290998c82de12ea5fa053c11e2a6724a81166e7e 100644 (file)
@@ -207,7 +207,10 @@ static void probe_unprivileged_disabled(void)
                        printf("bpf() syscall for unprivileged users is enabled\n");
                        break;
                case 1:
-                       printf("bpf() syscall restricted to privileged users\n");
+                       printf("bpf() syscall restricted to privileged users (without recovery)\n");
+                       break;
+               case 2:
+                       printf("bpf() syscall restricted to privileged users (admin can change)\n");
                        break;
                case -1:
                        printf("Unable to retrieve required privileges for bpf() syscall\n");