Tested kernel 5.3.0-43-generic from -proposed, on eoan with Secure Boot/Lockdown enabled. Running 'sudo bpftool prog' works and lists BPF programs loaded on the system, via the bpf() syscall. Same test on 5.3.0-42-generic would fail with -EPERM.
So the fix works well, and we can now use bpf() even with Lockdown, thanks! I'll update the verification tag. This is definitely an improvement, although the resolution here will not address Brendan's concerns for tracing.

** Tags removed: verification-needed-eoan
** Tags added: verification-done-eoan

https://bugs.launchpad.net/bugs/1863234

Title:
  Disabling bpf() syscall on kernel lockdown break apps when secure boot is on