From 7079600beb226d4b978e27a78b00f52dcd0d4483 Mon Sep 17 00:00:00 2001
From: Jeremy Cline <jeremy@jcline.org>
Date: Mar 26 2018 14:21:21 +0000
Subject: Fix efi-lockdown.patch for upstream BPF change


Commit 0fa4fe85f472 ("bpf: skip unnecessary capability check") switched
the if statement around.

Signed-off-by: Jeremy Cline <jeremy@jcline.org>

---

diff --git a/efi-lockdown.patch b/efi-lockdown.patch
index db408ef..ceb0ca7 100644
--- a/efi-lockdown.patch
+++ b/efi-lockdown.patch
@@ -1846,7 +1846,7 @@ index e24aa3241387..3ea87a004771 100644
 --- a/kernel/bpf/syscall.c
 +++ b/kernel/bpf/syscall.c
 @@ -1848,6 +1848,9 @@ SYSCALL_DEFINE3(bpf, int, cmd, union bpf_attr __user *, uattr, unsigned int, siz
- 	if (!capable(CAP_SYS_ADMIN) && sysctl_unprivileged_bpf_disabled)
+ 	if (sysctl_unprivileged_bpf_disabled && !capable(CAP_SYS_ADMIN))
  		return -EPERM;
 
 +	if (kernel_is_locked_down("BPF"))