The Eoan Ermine has reached end of life, so this bug will not be fixed
for that release
** Changed in: linux (Ubuntu Eoan)
Status: Triaged => Won't Fix
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.l
** Changed in: linux (Ubuntu Disco)
Status: Fix Committed => Won't Fix
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1863234
Title:
Disabling bpf() syscall on kernel lockdown bre
This was reverted due to bug #1868626
** Changed in: linux (Ubuntu Eoan)
Status: Fix Committed => Triaged
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1863234
Title:
Disabling
Tested kernel 5.3.0-43-generic from -proposed, on eoan with Secure
Boot/Lockdown enabled. Running 'sudo bpftool prog' works and lists BPF
programs loaded on the system, via the bpf() syscall. Same test on
5.3.0-42-generic would fail with -EPERM.
So the fix works well, and we can now use bpf() even
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
eoan' to 'verification-done-eoan'. If the problem still exists, change
the tag 'verification
** Changed in: linux (Ubuntu Disco)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1863234
Title:
Disabling bpf() syscall on kernel lockdown b
** Changed in: linux (Ubuntu Eoan)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1863234
Title:
Disabling bpf() syscall on kernel lockdown br
Hi Brendan - What you're asking for is very different than the intent
behind this bug report. It'll be best if you open a new bug report.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1863
This change also prevents BPF security programs from running (like those
we use at Netflix) making Ubuntu less secure.
In case I'm not being clear enough: this is the worst change I've ever
seen in operating systems.
Some people want lockdown? Let them opt in.
--
You received this bug notificat
The relaxed BPF restrictions still break BPF tracing and other things,
making Ubuntu no longer meet the debugability requirements for an
enterprise OS.
Lockdown should not be enabled by default. It needs to be opt-in, not
opt-out.
Tyler -- please fix Ubuntu.
--
You received this bug notificatio
Eoan: https://lists.ubuntu.com/archives/kernel-team/2020-February/107613.html
Disco: https://lists.ubuntu.com/archives/kernel-team/2020-February/107616.html
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.laun
** Description changed:
[Impact]
The bpf(2) system call is completely blocked in Disco and Eoan when
Secure Boot is enabled due to overly restrictive Lockdown policies. This
makes it so that all bpf related tools are not usable on those releases.
[Test Case]
Set up test BPF pr
** Description changed:
+ [Impact]
+
+ The bpf(2) system call is completely blocked in Disco and Eoan when
+ Secure Boot is enabled due to overly restrictive Lockdown policies. This
+ makes it so that all bpf related tools are not usable on those releases.
+
+ [Test Case]
+
+ Set up test BPF pr
** Changed in: linux (Ubuntu Disco)
Status: Triaged => In Progress
** Changed in: linux (Ubuntu Eoan)
Status: Triaged => In Progress
** Changed in: linux (Ubuntu Disco)
Assignee: (unassigned) => Tyler Hicks (tyhicks)
** Changed in: linux (Ubuntu Eoan)
Assignee: (unassigne
Hi Quentin - Thanks for the bug report! I do think that relaxing the
eBPF restrictions in Eoan and Disco would be acceptable for Secure Boot
purposes.
** Also affects: linux (Ubuntu Eoan)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Disco)
Importance: Undecided
Not adding kernel logs but changing to 'Confirmed'.
** Changed in: linux (Ubuntu)
Status: Incomplete => Confirmed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1863234
Title:
Di
16 matches
Mail list logo