Public bug reported:

== Impact ==

Enable CONFIG_BPF_LSM in the Kconfig of Ubuntu kernels, allowing users
to use BPF LSM programs.

== Background ==

The BPF LSM was merged into Linux kernel 5.7:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=641cd7b06c911c5935c34f24850ea18690649917

https://outflux.net/blog/archives/2020/09/21/security-things-in-linux-v5-7

It allows users to implement MAC and Audit Policies using BPF programs.
As a follow-up from the interest generated by the LSM on BPF/Linux
conferences and on request from users, we’d like to request the enabling
of CONFIG_BPF_LSM on Ubuntu starting with H.

The LSM won't be added to the list of active LSMs by default (in
CONFIG_LSM or lsm= on the boot parameters) yet, as it adds an indirect
function call overhead by registering an empty LSM hook for all hooks.
However, enabling it in the kernel config will support users who wish to
use BPF LSM programs without needing to replace their kernel image.

The LSM can be made "active" by default when our work on getting rid of
this overhead is merged in the kernel:

https://lore.kernel.org/bpf/20200820164753.3256899-1-jackm...@chromium.org

== Regression Potential ==

None. The LSM is not active by default, so it does not have any
performance or functional regression.

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1905975

Title:
  kernel: Enable CONFIG_BPF_LSM on Ubuntu
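
The report separates "compiled in" (CONFIG_BPF_LSM=y) from "active" (listed in CONFIG_LSM or lsm=). The shell functions below are an added example, not part of the bug report or the kernel tree, for telling the two states apart on a host. The function names are this example's own, and it assumes the Ubuntu config location /boot/config-$(uname -r) and a mounted securityfs at /sys/kernel/security.

```sh
#!/bin/sh
# Added example (not from the bug report). Files are passed as arguments so
# the checks can run against sample data as well as a live system.

# Succeeds if the kernel config file has the BPF LSM compiled in.
bpf_lsm_built() {
    grep -q '^CONFIG_BPF_LSM=y$' "$1"
}

# Succeeds if "bpf" is one element of a comma-separated LSM list.
lsm_list_has_bpf() {
    case ",$1," in
        *,bpf,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints the value of the last lsm= word on a kernel command line, if any.
cmdline_lsm_param() (
    set -f                      # no globbing while word-splitting $1
    val=""
    for word in $1; do
        case "$word" in lsm=*) val=${word#lsm=} ;; esac
    done
    printf '%s\n' "$val"
)

# bpf_lsm_state CONFIG_FILE ACTIVE_LSM_FILE
# Prints not-built, built-not-active, or active.
bpf_lsm_state() {
    if ! bpf_lsm_built "$1"; then
        echo not-built
    elif lsm_list_has_bpf "$(cat "$2")"; then
        echo active
    else
        echo built-not-active
    fi
}

# Constructed sample: config with the option set, LSM list without "bpf".
tmp=$(mktemp -d)
printf 'CONFIG_BPF_SYSCALL=y\nCONFIG_BPF_LSM=y\n' > "$tmp/config"
printf 'lockdown,capability,yama,apparmor' > "$tmp/lsm"
bpf_lsm_state "$tmp/config" "$tmp/lsm"      # the state this bug describes
cmdline_lsm_param 'ro quiet lsm=lockdown,capability,yama,apparmor,bpf'
rm -rf "$tmp"
# Live system: bpf_lsm_state "/boot/config-$(uname -r)" /sys/kernel/security/lsm
```

A host reporting built-not-active needs "bpf" added to its lsm= boot parameter before BPF LSM programs take effect.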
