Adding bpf to CONFIG_LSM in 5.13 kernels
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Triaged
|
Medium
|
Unassigned |
Bug Description
Linux kernel since 5.7 allows to write eBPF programs which can be attached to LSM hooks. More details here:
https:/
There are already projects trying to leverage that
systemd with the restrict-fs feature
https:/
https:/
https:/
However, BPF LSM has to be enabled by adding bpf to CONFIG_LSM.
That was already done in:
Arch Linux
Fedora
openSUSE
https:/
Could we please enable BPF LSM in Ubuntu kernels as well? Without that change, users trying to play with the mentioned projects have to edit their /etc/default/grub to add bpf LSM.
Changed in linux (Ubuntu): | |
status: | Expired → Triaged |
importance: | Undecided → Medium |
This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:
apport-collect 1964941
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.