Fix efi-lockdown.patch for upstream BPF change
Commit 0fa4fe85f472 ("bpf: skip unnecessary capability check") switched the if statement around. Signed-off-by: Jeremy Cline <jeremy@jcline.org>
This commit is contained in:
parent
0ff2afdbe0
commit
a253e4dfca
@ -1846,7 +1846,7 @@ index e24aa3241387..3ea87a004771 100644
|
|||||||
--- a/kernel/bpf/syscall.c
|
--- a/kernel/bpf/syscall.c
|
||||||
+++ b/kernel/bpf/syscall.c
|
+++ b/kernel/bpf/syscall.c
|
||||||
@@ -1848,6 +1848,9 @@ SYSCALL_DEFINE3(bpf, int, cmd, union bpf_attr __user *, uattr, unsigned int, siz
|
@@ -1848,6 +1848,9 @@ SYSCALL_DEFINE3(bpf, int, cmd, union bpf_attr __user *, uattr, unsigned int, siz
|
||||||
if (!capable(CAP_SYS_ADMIN) && sysctl_unprivileged_bpf_disabled)
|
if (sysctl_unprivileged_bpf_disabled && !capable(CAP_SYS_ADMIN))
|
||||||
return -EPERM;
|
return -EPERM;
|
||||||
|
|
||||||
+ if (kernel_is_locked_down("BPF"))
|
+ if (kernel_is_locked_down("BPF"))
|
||||||
|
Loading…
Reference in New Issue
Block a user