Comment 5 for bug 1851056

Dan Streetman (ddstreet) wrote :

> [ 1.904409] Lockdown: systemd: /dev/mem,kmem,port is restricted; see man kernel_lockdown.7
> [ 1.907029] Lockdown: systemd: BPF is restricted; see man kernel_lockdown.7

These messages actually come from the kernel; I believe they are expected (maybe only in secure boot mode, I haven't looked into the new 'lockdown' stuff yet). The lack of a 'kernel_lockdown' manpage appears to be already reported in bug 1767971.

> [ 1.982629] systemd[1]: system-systemd\x2dfsck.slice: unit configures an IP firewall,
> but the local system does not support BPF/cgroup firewalling.
>
> So there is still the mention about the local system not supporting BPF/cgroup
> firewalling (not sure if that is normal),

Hmm, that probably needs a further look... can you open a new bug for that, so we can use this one only to fix the scary systemd 'WITHOUT firewalling' log?

> but the "Proceeding WITHOUT firewalling in effect!" warning is now gone with
> the new systemd package.

Great; thanks!