Message ID | 20200220000351.2350-3-tyhicks@canonical.com |
---|---|
State | New |
Headers | show |
Series | Loosen Lockdown restrictions on bpf(2) (LP: #1863234) | expand |
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index 50a344ac8ff9..ee3087462bc9 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -2831,9 +2831,6 @@ SYSCALL_DEFINE3(bpf, int, cmd, union bpf_attr __user *, uattr, unsigned int, siz if (sysctl_unprivileged_bpf_disabled && !capable(CAP_SYS_ADMIN)) return -EPERM; - if (kernel_is_locked_down("BPF")) - return -EPERM; - err = bpf_check_uarg_tail_zero(uattr, sizeof(attr), size); if (err) return err;
BugLink: https://bugs.launchpad.net/bugs/1863234 This reverts commit 4882fa5a0c95fc8dbabd88a6a895b50450928ea7. Allow some uses of the bpf(2) system call, while in Lockdown mode, now that upstream commit 9d1f8be5cf42 ("bpf: Restrict bpf when kernel lockdown is in confidentiality mode") is applied to restrict BPF reads. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> --- kernel/bpf/syscall.c | 3 --- 1 file changed, 3 deletions(-)