Public bug reported: == Impact ==
Enabling CONFIG_BPF_LSM in the KConfig of Ubuntu Kernels, allowing users to use BPF LSM programs. == Background == The BPF LSM was merged into the Linux kernel 5.7 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=641cd7b06c911c5935c34f24850ea18690649917 https://outflux.net/blog/archives/2020/09/21/security-things-in- linux-v5-7 It allows users to implement MAC and Audit Policies using BPF programs. As a follow-up from the interest generated by the LSM on BPF/Linux conferences and on request from users, we’d like to request the enabling of CONFIG_BPF_LSM on Ubuntu starting with H. The LSM won't be added to the list of active LSMs by default (in CONFIG_LSM or lsm= on the boot parameters) yet, as it adds an indirect function call overhead by registering an empty LSM hook for all hooks. However enabling it in the kernel config will support users who wish to use BPF LSM programs without needing to replace their kernel image. The LSM can be made "active" by default when our work on getting rid of this overhead is merged in the kernel: https://lore.kernel.org/bpf/20200820164753.3256899-1-jackm...@chromium.org == Regression Potential == None. The LSM is not active by default, so it does not have any performance or functional regression. ** Affects: linux (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1905975 Title: kernel: Enable CONFIG_BPF_LSM on Ubuntu To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1905975/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
