This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed- eoan' to 'verification-done-eoan'. If the problem still exists, change the tag 'verification-needed-eoan' to 'verification-failed-eoan'.
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-eoan -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1868626 Title: Allow BPF tracing under lockdown Status in linux package in Ubuntu: Fix Committed Status in linux source package in Eoan: Fix Committed Bug description: [Impact] BPF tracing is allowed on Bionic and on Focal under integrity lockdown, which is going to be the default before release. Right now, Eoan does not allow kprobes and BPF reads under lockdown, preventing BPF tracing and kprobe tracing. [Test case] sudo bpftrace -e 'kprobe:do_nanosleep { printf("PID %d sleeping...\n", pid); }' sudo bpftrace -e 'tracepoint:syscalls:sys_enter_openat { printf("filename: [%s]; flags: [%d]\n", str(args->filename), args->flags); }' The last one should show the filename and flags. [Regression potential] This would allow privileged users to possibly read some kernel data that was not possible before. However, this is already possible on systems that are not under lockdown, which are all non-secure boot systems by default. This also matches the behavior of signed kernels of Bionic and Focal. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1868626/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
