Merge "Set /proc/sys/net/core/bpf_jit_{enable,kallsyms} to 1"

commit: 089fb876e4a63f3d9f39e45eab6a55d42b900a58 [log] [tgz]
author: Maciej Żenczykowski <maze@google.com> Sat Feb 01 01:26:01 2020 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Sat Feb 01 01:26:01 2020 +0000
tree: cbefafc992d1c515ac39b68c3de1c6c12143b90d
parent: ef2dc8e0a9ad9ba8354a390971ebf4d28da2c875 [diff]
parent: a391148649bd6f6daa91ba5058e14f4e590ab5a2 [diff]
diff --git a/bpfloader/bpfloader.rc b/bpfloader/bpfloader.rc
index 4404c17..e8da02d 100644
--- a/bpfloader/bpfloader.rc
+++ b/bpfloader/bpfloader.rc

@@ -31,3 +31,11 @@
     #
     rlimit memlock 1073741824 1073741824
     oneshot
+
+# Need to make sure this runs *before* the bpfloader.
+on early-init
+    # Enable the eBPF JIT -- but do note that it is likely already force enabled
+    # by the kernel config option BPF_JIT_ALWAYS_ON
+    write /proc/sys/net/core/bpf_jit_enable 1
+    # Enable JIT kallsyms export for privileged users only
+    write /proc/sys/net/core/bpf_jit_kallsyms 1
commit	089fb876e4a63f3d9f39e45eab6a55d42b900a58	[log] [tgz]
author	Maciej Żenczykowski <maze@google.com>	Sat Feb 01 01:26:01 2020 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Sat Feb 01 01:26:01 2020 +0000
tree	cbefafc992d1c515ac39b68c3de1c6c12143b90d
parent	ef2dc8e0a9ad9ba8354a390971ebf4d28da2c875 [diff]
parent	a391148649bd6f6daa91ba5058e14f4e590ab5a2 [diff]