[LTP] [PATCH 1/1] bpf_prog0[5-7]: Run with kernel.unprivileged_bpf_disabled = 0

[Petr Vorel]

> Hi!
> > --- a/testcases/kernel/syscalls/bpf/bpf_prog05.c
> > +++ b/testcases/kernel/syscalls/bpf/bpf_prog05.c
> > @@ -209,6 +209,11 @@ static struct tst_test test = {
> >  		{&msg, .size = sizeof(MSG)},
> >  		{}
> >  	},
> > +	.needs_root = 1,
> > +	.save_restore = (const struct tst_path_val[]) {
> > +		{"?/proc/sys/kernel/unprivileged_bpf_disabled", "0"},
> > +		{}
> > +	},

> If we set needs_root the test would run under root and there is no need
> to fiddle with the unprivileged_bpf_disabled at all.

I expected that as well, but well, I don't know why, but:

# cat /proc/sys/kernel/unprivileged_bpf_disabled
2

# id
uid=0(root) gid=0(root) groups=0(root)

# ./bpf_prog05
tst_buffers.c:55: TINFO: Test is using guarded buffers
tst_test.c:1526: TINFO: Timeout per run is 0h 00m 30s
bpf_common.c:16: TINFO: Raising RLIMIT_MEMLOCK to 10485760
tst_capability.c:29: TINFO: Dropping CAP_SYS_ADMIN(21)
tst_capability.c:29: TINFO: Dropping CAP_BPF(39)
bpf_common.c:39: TCONF: Hint: check also /proc/sys/kernel/unprivileged_bpf_disabled
bpf_common.c:40: TCONF: bpf() requires CAP_SYS_ADMIN or CAP_BPF on this system: EPERM (1)

Summary:
passed   0
failed   0
broken   0
skipped  2
warnings 0

I.e. 1 or 2 kernel.unprivileged_bpf_disabled results bpf() returning EPERM for
*all* users including root. 0 allows running again for all users, but we need
root to set it 0 via .save_restore:

tst_sys_conf.c:106: TBROK: Failed to open FILE '/proc/sys/kernel/unprivileged_bpf_disabled' for writing: EACCES (13)

Maybe we could change tst_sys_conf_save() not to write the value if value can be
read and is the same (and not run tst_sys_conf_restore() if value was the same).

That way we would not need to require root if value is the same.

But it'd be nice to have some tag saying: maybe root is needed, depend on sysfs
value...

Kind regards,
Petr