diff options
| author | Jeremy Cline <jeremy@jcline.org> | 2018-03-23 09:27:44 -0400 |
|---|---|---|
| committer | Jeremy Cline <jeremy@jcline.org> | 2018-03-23 09:27:44 -0400 |
| commit | a253e4dfca1f81dd72dd6d7762535e4e4e385e0e (patch) | |
| tree | c187fc67dd6ffaab79ba631b5249c3818c47cb8e | |
| parent | 0ff2afdbe0501525ee2d5b53fdc20a320b29bc8c (diff) | |
| download | kernel-a253e4dfca1f81dd72dd6d7762535e4e4e385e0e.tar.gz kernel-a253e4dfca1f81dd72dd6d7762535e4e4e385e0e.tar.xz kernel-a253e4dfca1f81dd72dd6d7762535e4e4e385e0e.zip | |
Fix efi-lockdown.patch for upstream BPF change
Commit 0fa4fe85f472 ("bpf: skip unnecessary capability check") switched
the if statement around.
Signed-off-by: Jeremy Cline <jeremy@jcline.org>
| -rw-r--r-- | efi-lockdown.patch | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/efi-lockdown.patch b/efi-lockdown.patch index db408efb5..ceb0ca7f9 100644 --- a/efi-lockdown.patch +++ b/efi-lockdown.patch @@ -1846,7 +1846,7 @@ index e24aa3241387..3ea87a004771 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -1848,6 +1848,9 @@ SYSCALL_DEFINE3(bpf, int, cmd, union bpf_attr __user *, uattr, unsigned int, siz - if (!capable(CAP_SYS_ADMIN) && sysctl_unprivileged_bpf_disabled) + if (sysctl_unprivileged_bpf_disabled && !capable(CAP_SYS_ADMIN)) return -EPERM; + if (kernel_is_locked_down("BPF")) |