diff options
Diffstat (limited to 'init/Kconfig')
| -rw-r--r-- | init/Kconfig | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/init/Kconfig b/init/Kconfig index f23e90d9935f..e6216dc2a1d1 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -1609,6 +1609,16 @@ config BPF_JIT_ALWAYS_ON Enables BPF JIT and removes BPF interpreter to avoid speculative execution of BPF instructions by the interpreter +config BPF_UNPRIV_DEFAULT_OFF + bool "Disable unprivileged BPF by default" + depends on BPF_SYSCALL + help + Disables unprivileged BPF by default by setting the corresponding + /proc/sys/kernel/unprivileged_bpf_disabled knob to 2. An admin can + still reenable it by setting it to 0 later on, or permanently + disable it by setting it to 1 (from which no other transition to + 0 is possible anymore). + config USERFAULTFD bool "Enable userfaultfd() system call" depends on MMU |