author | Salvatore Bonaccorso <carnil@debian.org> | 2021-08-02 23:00:27 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-08-02 23:02:19 +0200 |
commit | 46b3206f945d85fa8d24828e4dfc4fd0558be24b (patch) | |
tree | 1ed7bb49c080eead8a9894126d4c5c1e62cf1094 | |
parent | 948fcda2b9c3fd6e8a802a712f3d5a4674258a47 (diff) | |
linux-image: Add NEWS entry documenting that unprivileged calls to bpf() are disabled by default in Debian.
-rw-r--r-- | debian/changelog | 2 | ||||
-rw-r--r-- | debian/linux-image.NEWS | 16 |
2 files changed, 18 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 20df988d3c7d..0fbb302a59e5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -8,6 +8,8 @@ linux (5.10.46-4) UNRELEASED; urgency=medium * Ignore ABI changes for bpf_offload_dev_create and bpf_verifier_log_write * bpf: Add kconfig knob for disabling unpriv bpf by default * init: Enable BPF_UNPRIV_DEFAULT_OFF (Closes: #990411) + * linux-image: Add NEWS entry documenting that unprivileged calls to bpf() are + disabled by default in Debian. -- Salvatore Bonaccorso <carnil@debian.org> Mon, 02 Aug 2021 12:36:15 +0200 diff --git a/debian/linux-image.NEWS b/debian/linux-image.NEWS index 899e30abcaa2..f8e1fc022907 100644 --- a/debian/linux-image.NEWS +++ b/debian/linux-image.NEWS @@ -1,3 +1,19 @@ +linux (5.10.46-4) unstable; urgency=medium + + * From Linux 5.10.46-4, unprivileged calls to bpf() are disabled by + default, mitigating several security issues. However, an admin can + still change this setting later on, if needed, by writing 0 or 1 to + the kernel.unprivileged_bpf_disabled sysctl. + + If you prefer to keep unprivileged calls to bpf() enabled, set the + sysctl: + + kernel.unprivileged_bpf_disabled = 0 + + which is the upstream default. + + -- Salvatore Bonaccorso <carnil@debian.org> Mon, 02 Aug 2021 22:59:24 +0200 + linux (5.10~rc7-1~exp2) unstable; urgency=medium * From Linux 5.10, all users are allowed to create user namespaces by |
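Review bot: In the debian/linux-image.NEWS hunk, the first paragraph tells admins they can change the setting "by writing 0 or 1 to the kernel.unprivileged_bpf_disabled sysctl", but the entry only explains 0 (as "the upstream default") and never says what writing 1 does or which value Debian now ships by default. Suggest stating the meaning of each accepted value and the new default value, so a reader can tell from the NEWS text alone what each write will do on a running system. The instruction "set the sysctl:" also does not say where; naming a drop-in file under /etc/sysctl.d/ would make clear that the setting has to be persisted to survive a reboot. Finally, "mitigating several security issues" names none of them; a pointer to the bug closed in the changelog context line (#990411) would let readers find the rationale.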