Comment 9 for bug 1863234

Tested kernel 5.3.0-43-generic from -proposed, on eoan with Secure Boot/Lockdown enabled. Running 'sudo bpftool prog' works and lists BPF programs loaded on the system, via the bpf() syscall. Same test on 5.3.0-42-generic would fail with -EPERM.

So the fix works well, and we can now use bpf() even with Lockdown, thanks! I'll update the verification tag. This is definitely an improvement, although the resolution here will not address Brendan's concerns for tracing.