summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJeremy Cline <jeremy@jcline.org>2018-03-23 09:27:44 -0400
committerJeremy Cline <jeremy@jcline.org>2018-03-23 09:27:44 -0400
commita253e4dfca1f81dd72dd6d7762535e4e4e385e0e (patch)
treec187fc67dd6ffaab79ba631b5249c3818c47cb8e
parent0ff2afdbe0501525ee2d5b53fdc20a320b29bc8c (diff)
downloadkernel-a253e4dfca1f81dd72dd6d7762535e4e4e385e0e.tar.gz
kernel-a253e4dfca1f81dd72dd6d7762535e4e4e385e0e.tar.xz
kernel-a253e4dfca1f81dd72dd6d7762535e4e4e385e0e.zip
Fix efi-lockdown.patch for upstream BPF change
Commit 0fa4fe85f472 ("bpf: skip unnecessary capability check") switched the if statement around. Signed-off-by: Jeremy Cline <jeremy@jcline.org>
-rw-r--r--efi-lockdown.patch2
1 files changed, 1 insertions, 1 deletions
diff --git a/efi-lockdown.patch b/efi-lockdown.patch
index db408efb5..ceb0ca7f9 100644
--- a/efi-lockdown.patch
+++ b/efi-lockdown.patch
@@ -1846,7 +1846,7 @@ index e24aa3241387..3ea87a004771 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -1848,6 +1848,9 @@ SYSCALL_DEFINE3(bpf, int, cmd, union bpf_attr __user *, uattr, unsigned int, siz
- if (!capable(CAP_SYS_ADMIN) && sysctl_unprivileged_bpf_disabled)
+ if (sysctl_unprivileged_bpf_disabled && !capable(CAP_SYS_ADMIN))
return -EPERM;
+ if (kernel_is_locked_down("BPF"))