> [ 1.904409] Lockdown: systemd: /dev/mem,kmem,port is restricted; see man kernel_lockdown.7
> [ 1.907029] Lockdown: systemd: BPF is restricted; see man kernel_lockdown.7
These messages actually come from the kernel; I believe they are expected (maybe only in secure boot mode; I haven't looked into the new 'lockdown' stuff yet). The lack of a 'kernel_lockdown' manpage appears to be already reported in bug 1767971.
> [ 1.982629] systemd[1]: system-systemd\x2dfsck.slice: unit configures an IP firewall,
> but the local system does not support BPF/cgroup firewalling.
>
> So there is still the mention about the local system not supporting BPF/cgroup
> firewalling (not sure if that is normal),
Hmm, that probably needs a further look... can you open a new bug for that, so we can use this one only to fix the scary systemd 'WITHOUT firewalling' log?
> but the "Proceeding WITHOUT firewalling in effect!" warning is now gone with
> the new systemd package.
great; thnx!