disable unprivileged eBPF access by default

anthraxx · Jul 11, 2018 · 0fe1490 · 0fe1490
1 parent 27b128a
commit 0fe1490
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
@@ -43,7 +43,7 @@ static DEFINE_SPINLOCK(prog_idr_lock);
 static DEFINE_IDR(map_idr);
 static DEFINE_SPINLOCK(map_idr_lock);
 
-int sysctl_unprivileged_bpf_disabled __read_mostly;
+int sysctl_unprivileged_bpf_disabled __read_mostly = 1;
 
 static const struct bpf_map_ops * const bpf_map_types[] = {
 #define BPF_PROG_TYPE(_id, _ops)