Adding bpf to CONFIG_LSM in linux kernel
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Triaged
|
Medium
|
Unassigned | ||
Jammy |
Triaged
|
Medium
|
Unassigned | ||
Mantic |
Won't Fix
|
Medium
|
Unassigned | ||
Noble |
Triaged
|
Medium
|
Unassigned |
Bug Description
Linux kernel since 5.7 allows to write eBPF programs which can be attached to LSM hooks. More details here:
https:/
There are already projects trying to leverage that
systemd with the restrict-fs feature
https:/
https:/
https:/
However, BPF LSM has to be enabled by adding bpf to CONFIG_LSM.
That was already done in:
Arch Linux
Fedora
openSUSE
https:/
Debian
https:/
RedHat
Could we please enable BPF LSM in Ubuntu kernels as well? Without that change, users trying to play with the mentioned projects have to edit their /etc/default/grub to add bpf LSM.
description: | updated |
Changed in linux (Ubuntu): | |
importance: | Undecided → Medium |
assignee: | nobody → Joseph Salisbury (jsalisbury) |
Changed in linux (Ubuntu Mantic): | |
status: | New → Triaged |
Changed in linux (Ubuntu Jammy): | |
status: | New → Triaged |
Changed in linux (Ubuntu Noble): | |
status: | Confirmed → Triaged |
Changed in linux (Ubuntu Mantic): | |
importance: | Undecided → Medium |
Changed in linux (Ubuntu Jammy): | |
importance: | Undecided → Medium |
Changed in linux (Ubuntu Mantic): | |
assignee: | nobody → Joseph Salisbury (jsalisbury) |
Changed in linux (Ubuntu Jammy): | |
assignee: | nobody → Joseph Salisbury (jsalisbury) |
Changed in linux (Ubuntu Mantic): | |
status: | Won't Fix → Confirmed |
status: | Confirmed → Won't Fix |
(This is reposting 1964941 which appears to have expired)