Comment 3 for bug 1851056

Valtteri Vainikka (vrln) wrote:

Just tested the systemd version from your PPA...

There are some changes:

[ 1.883017] systemd[1]: systemd 242 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4>
[ 1.901801] systemd[1]: Detected architecture x86-64.
[ 1.903755] systemd[1]: Set hostname to <ubuntu>.
[ 1.904376] systemd[1]: Failed to bump fs.file-max, ignoring: Invalid argument
[ 1.904409] Lockdown: systemd: /dev/mem,kmem,port is restricted; see man kernel_lockdown.7
[ 1.907029] Lockdown: systemd: BPF is restricted; see man kernel_lockdown.7
[ 1.948713] systemd[1]: /lib/systemd/system/dbus.socket:4: ListenStream= references a path below legacy directory /var/run/, updating /var/run/dbus/system_bus_socke>
[ 1.981938] systemd[1]: Reached target Remote File Systems.
[ 1.982012] systemd[1]: Listening on fsck to fsckd communication Socket.
[ 1.982049] systemd[1]: Listening on udev Kernel Socket.
[ 1.982612] systemd[1]: Listening on Syslog Socket.
[ 1.982629] systemd[1]: system-systemd\x2dfsck.slice: unit configures an IP firewall, but the local system does not support BPF/cgroup firewalling.

So there is still the mention of the local system not supporting BPF/cgroup firewalling (not sure if that is normal), but the "Proceeding WITHOUT firewalling in effect!" warning is now gone with the new systemd package.

With the old systemd package it used to be:

[ 2.101034] Lockdown: systemd: BPF is restricted; see man kernel_lockdown.7
[ 2.136885] systemd[1]: File /lib/systemd/system/systemd-journald.service:12 configures an IP firewall (IPAddressDeny=any), but the local system does not support BPF/cgroup based firewalling.
[ 2.142209] systemd[1]: Proceeding WITHOUT firewalling in effect! (This warning is only shown for the first loaded unit using IP firewalling.)