[LTP] [PATCH 1/1] bpf_prog0[5-7]: Run with kernel.unprivileged_bpf_disabled = 0
Cyril Hrubis
chrubis@suse.cz
Fri Aug 19 12:43:45 CEST 2022
Hi!
> I expected that as well, but well, I don't know why, but:
>
> # cat /proc/sys/kernel/unprivileged_bpf_disabled
> 2
>
> # id
> uid=0(root) gid=0(root) groups=0(root)
>
> # ./bpf_prog05
> tst_buffers.c:55: TINFO: Test is using guarded buffers
> tst_test.c:1526: TINFO: Timeout per run is 0h 00m 30s
> bpf_common.c:16: TINFO: Raising RLIMIT_MEMLOCK to 10485760
> tst_capability.c:29: TINFO: Dropping CAP_SYS_ADMIN(21)
> tst_capability.c:29: TINFO: Dropping CAP_BPF(39)
> bpf_common.c:39: TCONF: Hint: check also /proc/sys/kernel/unprivileged_bpf_disabled
> bpf_common.c:40: TCONF: bpf() requires CAP_SYS_ADMIN or CAP_BPF on this system: EPERM (1)
>
> Summary:
> passed 0
> failed 0
> broken 0
> skipped 2
> warnings 0
>
> I.e. 1 or 2 kernel.unprivileged_bpf_disabled results bpf() returning EPERM for
> *all* users including root. 0 allows running again for all users, but we need
> root to set it 0 via .save_restore:
Ah, right, these tests test bugs in unpriviledged bpf and drop
priviledges before they start, see the CAP_DROP in the .caps in the
tst_test struct. So obviously we have to enable unprivileged bpf to run
them. So I guess the patch should go in as it is.
--
Cyril Hrubis
chrubis@suse.cz
More information about the ltp
mailing list