Hi Brian / Magali - makes sense re: not supporting Ubuntu Mantic given its EOL. What about the LTS distros, such as those used by cloud providers per my recent messages? Any progress on or anything we can do to help with getting ",bpf" added to "CONFIG_LSM"?
-- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2054810 Title: Adding bpf to CONFIG_LSM in linux kernel Status in linux package in Ubuntu: Triaged Status in linux source package in Jammy: Triaged Status in linux source package in Mantic: Won't Fix Status in linux source package in Noble: Triaged Bug description: Linux kernel since 5.7 allows to write eBPF programs which can be attached to LSM hooks. More details here: https://www.kernel.org/doc/html/v5.9/bpf/bpf_lsm.html There are already projects trying to leverage that systemd with the restrict-fs feature https://github.com/systemd/systemd/blob/main/src/core/bpf/restrict_fs/restrict-fs.bpf.c https://github.com/linux-lock/bpflock https://github.com/lockc-project/lockc However, BPF LSM has to be enabled by adding bpf to CONFIG_LSM. That was already done in: Arch Linux https://github.com/archlinux/svntogit- packages/blob/4615bb2493649ad6fa133f864f94cb95c824f361/trunk/config#L9963 Fedora https://fedorapeople.org/cgit/thl/public_git/kernel.git/tree/kernel-x86_64-fedora.config?h=kernel-5.17.0-0.rc5.20220225git53ab78cd6d5a.106.vanilla.1.fc34&id=e661d91eb909e777a9d28425ef50fcc5ef7fa5ed#n3291 openSUSE https://github.com/openSUSE/kernel- source/commit/c2c25b18721866d6211054f542987036ed6e0a50 Debian https://salsa.debian.org/kernel- team/linux/-/blob/master/debian/config/config?ref_type=heads#L7713 RedHat https://access.redhat.com/labs/rhcb/RHEL-8.9/kernel-4.18.0-513.18.1.el8/source/blob/redhat/configs/generic/CONFIG_LSM Could we please enable BPF LSM in Ubuntu kernels as well? Without that change, users trying to play with the mentioned projects have to edit their /etc/default/grub to add bpf LSM. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2054810/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
