From a253e4dfca1f81dd72dd6d7762535e4e4e385e0e Mon Sep 17 00:00:00 2001 From: Jeremy Cline Date: Fri, 23 Mar 2018 09:27:44 -0400 Subject: Fix efi-lockdown.patch for upstream BPF change Commit 0fa4fe85f472 ("bpf: skip unnecessary capability check") switched the if statement around. Signed-off-by: Jeremy Cline --- efi-lockdown.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'efi-lockdown.patch') diff --git a/efi-lockdown.patch b/efi-lockdown.patch index db408efb5..ceb0ca7f9 100644 --- a/efi-lockdown.patch +++ b/efi-lockdown.patch @@ -1846,7 +1846,7 @@ index e24aa3241387..3ea87a004771 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -1848,6 +1848,9 @@ SYSCALL_DEFINE3(bpf, int, cmd, union bpf_attr __user *, uattr, unsigned int, siz - if (!capable(CAP_SYS_ADMIN) && sysctl_unprivileged_bpf_disabled) + if (sysctl_unprivileged_bpf_disabled && !capable(CAP_SYS_ADMIN)) return -EPERM; + if (kernel_is_locked_down("BPF")) -- cgit