[LTP] [PATCH 1/1] bpf_prog0[5-7]: Run with kernel.unprivileged_bpf_disabled = 0
Petr Vorel
pvorel@suse.cz
Fri Aug 19 12:31:48 CEST 2022
> > Hi!
> > > --- a/testcases/kernel/syscalls/bpf/bpf_prog05.c
> > > +++ b/testcases/kernel/syscalls/bpf/bpf_prog05.c
> > > @@ -209,6 +209,11 @@ static struct tst_test test = {
> > > {&msg, .size = sizeof(MSG)},
> > > {}
> > > },
> > > + .needs_root = 1,
> > > + .save_restore = (const struct tst_path_val[]) {
> > > + {"?/proc/sys/kernel/unprivileged_bpf_disabled", "0"},
> > > + {}
> > > + },
> > If we set needs_root the test would run under root and there is no need
> > to fiddle with the unprivileged_bpf_disabled at all.
> I expected that as well, but well, I don't know why, but:
> # cat /proc/sys/kernel/unprivileged_bpf_disabled
> 2
> # id
> uid=0(root) gid=0(root) groups=0(root)
> # ./bpf_prog05
> tst_buffers.c:55: TINFO: Test is using guarded buffers
> tst_test.c:1526: TINFO: Timeout per run is 0h 00m 30s
> bpf_common.c:16: TINFO: Raising RLIMIT_MEMLOCK to 10485760
> tst_capability.c:29: TINFO: Dropping CAP_SYS_ADMIN(21)
> tst_capability.c:29: TINFO: Dropping CAP_BPF(39)
Maybe dropping CAP_BPF() causes that even running root is not enough.
Kind regards,
Petr
> bpf_common.c:39: TCONF: Hint: check also /proc/sys/kernel/unprivileged_bpf_disabled
> bpf_common.c:40: TCONF: bpf() requires CAP_SYS_ADMIN or CAP_BPF on this system: EPERM (1)
> Summary:
> passed 0
> failed 0
> broken 0
> skipped 2
> warnings 0
> I.e. 1 or 2 kernel.unprivileged_bpf_disabled results bpf() returning EPERM for
> *all* users including root. 0 allows running again for all users, but we need
> root to set it 0 via .save_restore:
> tst_sys_conf.c:106: TBROK: Failed to open FILE '/proc/sys/kernel/unprivileged_bpf_disabled' for writing: EACCES (13)
> Maybe we could change tst_sys_conf_save() not to write the value if value can be
> read and is the same (and not run tst_sys_conf_restore() if value was the same).
> That way we would not need to require root if value is the same.
> But it'd be nice to have some tag saying: maybe root is needed, depend on sysfs
> value...
> Kind regards,
> Petr
More information about the ltp
mailing list