Message ID | 20200220000426.2428-3-tyhicks@canonical.com |
---|---|
State | New |
Headers | show |
Series | Loosen Lockdown restrictions on bpf(2) (LP: #1863234) | expand |
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index 4de66792826f..1f74b8002abe 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -2622,9 +2622,6 @@ SYSCALL_DEFINE3(bpf, int, cmd, union bpf_attr __user *, uattr, unsigned int, siz if (sysctl_unprivileged_bpf_disabled && !capable(CAP_SYS_ADMIN)) return -EPERM; - if (kernel_is_locked_down("BPF")) - return -EPERM; - err = bpf_check_uarg_tail_zero(uattr, sizeof(attr), size); if (err) return err;
BugLink: https://bugs.launchpad.net/bugs/1863234 This reverts commit 2a68c65abae66d28e2acb3245cb156ae2ea6eb1d. Allow some uses of the bpf(2) system call, while in Lockdown mode, now that upstream commit 9d1f8be5cf42 ("bpf: Restrict bpf when kernel lockdown is in confidentiality mode") is applied to restrict BPF reads. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> --- kernel/bpf/syscall.c | 3 --- 1 file changed, 3 deletions(-)