From: Jiri Olsa on gitlab.com
Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1162

NOTE: Truncated patchset since committer email 'jolsa@xxxxxxxxxx' does not
match the submitter's GitLab public email address 'jolsa@xxxxxxxxxx'.

There's a recent change [1] that adds a new config option and sets
unprivileged_bpf_disabled to 2 if the option is enabled
(CONFIG_BPF_UNPRIV_DEFAULT_OFF).

The current RHEL specific behaviour is to set unprivileged_bpf_disabled
to 1 by default and add a boot command line argument to enable unpriv bpf.

The config option is enabled in previous patch, adding the taint for
proc/sysctl unprivileged_bpf_disabled setup.

  # sysctl kernel.unprivileged_bpf_disabled
  kernel.unprivileged_bpf_disabled = 2
  # cat /proc/sys/kernel/tainted
  0
  # sysctl kernel.unprivileged_bpf_disabled=0
  [ 45.751085] Unprivileged BPF has been enabled, tainting the kernel
  kernel.unprivileged_bpf_disabled = 0
  # sysctl kernel.unprivileged_bpf_disabled=1
  kernel.unprivileged_bpf_disabled = 1
  # sysctl kernel.unprivileged_bpf_disabled=0
  sysctl: setting key "kernel.unprivileged_bpf_disabled": Operation not permitted
  # sysctl kernel.unprivileged_bpf_disabled=2
  sysctl: setting key "kernel.unprivileged_bpf_disabled": Operation not permitted
  # cat /proc/sys/kernel/tainted
  2147483648

[1] 08389d888287 ("bpf: Add kconfig knob for disabling unpriv bpf by default")
[2] 607f0e89af7e ("bpf: set unprivileged_bpf_disabled to 1 by default, add a boot parameter")

Fixes: 607f0e89af7e ("bpf: set unprivileged_bpf_disabled to 1 by default, add a boot parameter")
Signed-off-by: Jiri Olsa <jolsa@xxxxxxxxxx>
Signed-off-by: Jiri Olsa <jolsa@xxxxxxxxxx>
---
 Documentation/admin-guide/kernel-parameters.txt | 7 ++-
 kernel/bpf/syscall.c | 3 -
 kernel/sysctl.c | 5 ++
 redhat/configs/common/generic/CONFIG_BPF_UNPRIV_DEFAULT_OFF | 1 +
 redhat/configs/pending-common/generic/CONFIG_BPF_UNPRIV_DEFAULT_OFF | 20 ----------
 redhat/configs/pending-fedora/generic/CONFIG_BPF_UNPRIV_DEFAULT_OFF | 20 ----------
 6 files changed, 10 insertions(+), 46 deletions(-)