linux/Documentation
Daniel Borkmann 08389d8882 bpf: Add kconfig knob for disabling unpriv bpf by default
Add a kconfig knob which allows for unprivileged bpf to be disabled by default.
If set, the knob sets /proc/sys/kernel/unprivileged_bpf_disabled to value of 2.

This still allows a transition of 2 -> {0,1} through an admin. Similarly,
this also still keeps 1 -> {1} behavior intact, so that once set to permanently
disabled, it cannot be undone aside from a reboot.

We've also added extra2 with max of 2 for the procfs handler, so that an admin
still has a chance to toggle between 0 <-> 2.

Either way, as an additional alternative, applications can make use of CAP_BPF
that we added a while ago.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/74ec548079189e4e4dffaeb42b8987bb3c852eee.1620765074.git.daniel@iogearbox.net
2021-05-11 13:56:16 -07:00
..
ABI Documentation: ABI: sysfs-class-net-qmi: document pass-through file 2021-05-03 13:40:17 -07:00
accounting
admin-guide bpf: Add kconfig knob for disabling unpriv bpf by default 2021-05-11 13:56:16 -07:00
arm It's been a relatively busy cycle in docsland, though more than usually 2021-04-26 13:22:43 -07:00
arm64 arm64 updates for 5.13: 2021-04-26 10:25:03 -07:00
block block/bfq: update comments and default value in docs for fifo_expire 2021-03-02 11:25:38 -07:00
bpf bpf: Document the pahole release info related to libbpf in bpf_devel_QA.rst 2021-04-23 17:11:58 -07:00
cdrom
core-api drm for 5.13-rc1 2021-04-28 10:01:40 -07:00
cpu-freq
crypto
dev-tools Locking changes for this cycle were: 2021-04-28 12:37:53 -07:00
devicetree Networking changes for 5.13. 2021-04-29 11:57:23 -07:00
doc-guide docs: Document cross-referencing using relative path 2021-02-04 16:24:12 -07:00
driver-api VFIO updates for v5.13-rc1 2021-04-28 17:19:47 -07:00
fault-injection
fb Documentation: Add leading slash to some paths 2021-03-31 13:49:19 -06:00
features Documentation/features: mark BATCHED_UNMAP_TLB_FLUSH doesn't apply to ARM64 2021-03-15 13:17:40 -06:00
filesystems for-5.13/drivers-2021-04-27 2021-04-28 14:39:37 -07:00
firmware_class
firmware-guide Merge branches 'acpi-pci' and 'acpi-processor' 2021-04-26 17:03:05 +02:00
fpga Documentation: fpga: dfl: Add description for DFL UIO support 2021-03-28 14:58:18 +02:00
gpu drm-misc-next for 5.13: 2021-04-07 17:32:12 +10:00
hid Documentation: Add leading slash to some paths 2021-03-31 13:49:19 -06:00
hwmon hwmon: Remove amd_energy driver 2021-04-20 06:52:08 -07:00
i2c i2c: testunit: add support for block process calls 2021-02-12 11:11:04 +01:00
ia64
ide
iio iio: hrtimer: Allow sub Hz granularity 2021-03-25 19:13:49 +00:00
infiniband
input input: Documentation: corrections for uinput.rst 2021-03-08 17:15:37 -07:00
isdn
kbuild Kbuild updates for v5.12 2021-02-25 10:17:31 -08:00
kernel-hacking docs: kernel-hacking: be more civil 2021-02-11 10:00:40 -07:00
leds Documentation: Add leading slash to some paths 2021-03-31 13:49:19 -06:00
litmus-tests
livepatch docs: livepatch: Fix a typo and remove the unnecessary gaps in a sentence 2021-03-08 17:25:16 -07:00
locking
m68k
maintainer media: add a subsystem profile documentation 2021-03-22 08:56:42 +01:00
mhi
mips
misc-devices dw-xdata-pcie: Update outdated info and improve text format 2021-04-14 19:47:28 +02:00
netlabel
networking Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2021-04-28 11:59:31 -07:00
nios2
nvdimm
openrisc
parisc
PCI Documentation: PCI: Add PCI endpoint NTB function user guide 2021-02-23 14:15:45 -06:00
pcmcia
power power supply and reset changes for the v5.13 series 2021-04-28 15:43:58 -07:00
powerpc docs: powerpc: Fix misspellings and grammar errors 2021-03-31 13:50:59 -06:00
process It's been a relatively busy cycle in docsland, though more than usually 2021-04-26 13:22:43 -07:00
RCU docs: Correctly spell Stephen Hemminger's name 2021-03-15 13:53:24 -07:00
riscv
s390 s390/pci: expose UID uniqueness guarantee 2021-04-05 11:30:57 +02:00
scheduler sched/debug: Rename the sched_debug parameter to sched_verbose 2021-04-17 13:22:44 +02:00
scsi for-5.13/block-2021-04-27 2021-04-28 14:27:12 -07:00
security doc: trusted-encrypted: updates with TEE as a new trust source 2021-04-14 16:30:30 +03:00
sh
sound ALSA: jack: implement software jack injection via debugfs 2021-02-02 10:37:07 +01:00
sparc
sphinx docs: sphinx: Fix couple of spellings in the file rstFlatTable.py 2021-03-06 17:36:50 -07:00
sphinx-static
spi spi: Updates for v5.13 2021-04-26 16:32:11 -07:00
staging
target
timers
trace Char/Misc driver patches for 5.12-rc1 2021-02-24 10:25:37 -08:00
translations It's been a relatively busy cycle in docsland, though more than usually 2021-04-26 13:22:43 -07:00
usb docs: usbip: Fix major fields and descriptions in protocol 2021-04-09 16:04:45 +02:00
userspace-api Networking changes for 5.13. 2021-04-29 11:57:23 -07:00
virt It's been a relatively busy cycle in docsland, though more than usually 2021-04-26 13:22:43 -07:00
vm mm/debug_vm_pgtable/basic: add validation for dirtiness after write protect 2021-02-24 13:38:27 -08:00
w1
watchdog docs: watchdog: fix obsolete include file reference in pcwd 2021-03-06 17:36:51 -07:00
x86 x86/sgx: Introduce virtual EPC for use by KVM guests 2021-04-06 09:43:17 +02:00
xtensa
.gitignore
arch.rst docs: Group arch-specific documentation under "CPU Architectures" 2021-03-15 13:35:35 -06:00
asm-annotations.rst
atomic_bitops.txt
atomic_t.txt
Changes
CodingStyle
conf.py docs: conf.py: adjust the LaTeX document output 2021-03-08 17:20:03 -07:00
COPYING-logo
docutils.conf
dontdiff
index.rst docs: Group arch-specific documentation under "CPU Architectures" 2021-03-15 13:35:35 -06:00
Kconfig
logo.gif
Makefile kbuild: remove PYTHON variable 2021-02-01 10:37:19 +09:00
memory-barriers.txt
SubmittingPatches
watch_queue.rst