bpfloader.rc: set /proc/sys/kernel/unprivileged_bpf_disabled to 0

Needed to not have to carry
  https://android-review.googlesource.com/c/kernel/common/+/1886896
for 5.16-rc1+ kernels

We set this before the bpfloader even executes so it will always be
ready before anyone has a chance to use it.

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I418a534d6550c5b57286e261e6988d2debdf237f
Maciej Żenczykowski 2021-11-10 17:06:14 -08:00
parent 25c028576d
commit fa03239a81

@ -15,6 +15,9 @@
# considered to have booted successfully.
#
on load_bpf_programs
# Linux 5.16-rc1 has changed the default to 2 (disabled but changeable),
# but we need 0
write /proc/sys/kernel/unprivileged_bpf_disabled 0
# Enable the eBPF JIT -- but do note that on 64-bit kernels it is likely
# already force enabled by the kernel config option BPF_JIT_ALWAYS_ON
write /proc/sys/net/core/bpf_jit_enable 1
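
Review bot: the comment added above `write /proc/sys/kernel/unprivileged_bpf_disabled 0` says "but we need 0" without giving the reason, and this line moves the system from the kernel's new restrictive default (2) back to allowing unprivileged bpf() calls. Please extend the comment to name which component depends on unprivileged access and what else is expected to restrict bpf() use on the device, so a later reader can tell whether 0 is still required. It would also help to note that the write sits first under `on load_bpf_programs` on purpose, since the commit message relies on it taking effect before the bpfloader runs.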