rpms/kernel
9
2
Fork 4
Code Issues Pull Requests Releases Activity

Fix efi-lockdown.patch for upstream BPF change

Browse Source 
Commit 0fa4fe85f472 ("bpf: skip unnecessary capability check") switched
the if statement around.

Signed-off-by: Jeremy Cline <jeremy@jcline.org>
This commit is contained in:
Jeremy Cline 2018-03-23 09:27:44 -04:00
parent 0ff2afdbe0
commit a253e4dfca
No known key found for this signature in database
GPG Key ID: 9223308FA9B246DB
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
efi-lockdown.patch
View File

@ -1846,7 +1846,7 @@ index e24aa3241387..3ea87a004771 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -1848,6 +1848,9 @@ SYSCALL_DEFINE3(bpf, int, cmd, union bpf_attr __user *, uattr, unsigned int, siz
if (!capable(CAP_SYS_ADMIN) && sysctl_unprivileged_bpf_disabled)
if (sysctl_unprivileged_bpf_disabled && !capable(CAP_SYS_ADMIN))
return -EPERM;
+ if (kernel_is_locked_down("BPF"))