[LTP] [PATCH 1/1] bpf_prog0[5-7]: Run with kernel.unprivileged_bpf_disabled = 0
Petr Vorel
pvorel@suse.cz
Fri Aug 19 14:08:54 CEST 2022
> Hi!
> > I.e. 1 or 2 kernel.unprivileged_bpf_disabled results bpf() returning EPERM for
> > *all* users including root. 0 allows running again for all users, but we need
> > root to set it 0 via .save_restore:
> > tst_sys_conf.c:106: TBROK: Failed to open FILE '/proc/sys/kernel/unprivileged_bpf_disabled' for writing: EACCES (13)
> > Maybe we could change tst_sys_conf_save() not to write the value if value can be
> > read and is the same (and not run tst_sys_conf_restore() if value was the same).
> That would be a good idea either way.
> The unprivileged_bpf_disabled is more complicated that this though. It's
> a three state as:
> 0 - enabled
> 1 - disabled and can't be enabled
> 2 - disabled and can be enabled
Good point, I didn't realize 1 means "no" also for root :).
> So either we add special handling for 'cannot be changed' value to
> save_restore or we have to move that code to the test setup and check
> it manually.
Yes, because ? check for failure only in tst_sys_conf_save() (saving original
value), but writing new value (0) fails in tst_sys_conf_set() due
SAFE_FILE_PRINTF(). Adding new symbol or changing '?' to to use FILE_PRINTF()
and prints warning would IMHO help. I'll try to send patch soon.
> > That way we would not need to require root if value is the same.
> > But it'd be nice to have some tag saying: maybe root is needed, depend on sysfs
> > value...
> I wouldn't overly complicate the situation and just require root here.
Makes sense.
Kind regards,
Petr
More information about the ltp
mailing list