kernel / kernel-source

Clone
Source Code
GIT

c2c25b config: Enable BPF LSM

6 files Authored by Michal Rostecki 2 years ago, Committed by Michal Kubecek 2 years ago,
raw patch tree parent
6 files changed. 6 lines added. 6 lines removed.
config/arm64/default
file modified
+1 -1
config/armv7hl/default
file modified
+1 -1
config/ppc64/default
file modified
+1 -1
config/ppc64le/default
file modified
+1 -1
config/s390x/default
file modified
+1 -1
config/x86_64/default
file modified
+1 -1 
    config: Enable BPF LSM
    
    This LSM might get more adoption both in core system projects and
    container/k8s works and it would be good to be ready to support them.
    
    BPF LSM is a feature available since kernel 5.7 which allows to write
    BPF programs attached to LSM hooks and allowing/denying a particular
    event.
    
    BPF LSM is already adopted in a (not yet default) restrict-fs feature in
    systemd[0].
    
    BPF LSM is also used in the lockc[1] project which we develop at SUSE.
    
    There should be no functional or performance changes for users who don't
    load any BPF LSM programs. BPF LSM works only if some BPF programs is
    explicitly loaded.
    
    [0] https://github.com/systemd/systemd/blob/main/src/core/bpf/restrict_fs/restrict-fs.bpf.c
    [1] https://github.com/rancher-sandbox/lockc
    
    Signed-off-by: Michal Rostecki <mrostecki@suse.de>
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.