ACK: [PATCH][G/H] UBUNTU: [Config] Enable CONFIG_BPF_LSM

Andrea Righi andrea.righi at canonical.com
Tue Dec 15 08:49:31 UTC 2020


On Mon, Nov 30, 2020 at 11:14:03PM +0000, KP Singh wrote:
> From: KP Singh <kpsingh at google.com>
> 
> Buglink: https://bugs.launchpad.net/bugs/1905975
> 
> [Impact]
> 
> Allows users to implement MAC and Audit Policies using BPF programs.
> 
> The LSM won't be added to the list of active LSMs by default (in
> CONFIG_LSM or lsm= on the boot parameters) yet, as it adds an indirect
> function call overhead by registering an empty callback for all hooks.
> 
> The LSM can be made "active" by default when the upstream effort [1] of
> getting rid of this overhead is merged in the mainline kernel.
> 
> [Regression Potential]
> 
> Since the LSM is not active by default, it does not cause any
> functional or performance regression.
> 
> [1]: https://lore.kernel.org/bpf/20200820164753.3256899-1-jackmanb@chromium.org

I think it'd be interesting to have this feature. Moreover, it doesn't add
any extra overhead if not explicitly enabled, therefore:

Acked-by: Andrea Righi <andrea.righi at canonical.com>
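
Added example (not part of the original message or the patch): a shell check for the situation the quoted description sets up, where CONFIG_BPF_LSM=y is built in but "bpf" is absent from CONFIG_LSM and from lsm= on the boot parameters. The function name, the state labels and the sample config and command lines are constructed for illustration; it assumes an lsm= boot parameter replaces the CONFIG_LSM list and that the last occurrence is used.

```shell
#!/bin/sh
# bpf_lsm_state CONFIG_TEXT CMDLINE  (hypothetical helper, added example)
# Prints: not-built | built-inactive | active-config | active-cmdline
bpf_lsm_state() {
    config=$1
    cmdline=$2

    # Without CONFIG_BPF_LSM=y the LSM does not exist in this kernel.
    if ! printf '%s\n' "$config" | grep -q '^CONFIG_BPF_LSM=y$'; then
        echo not-built
        return 0
    fi

    # Assumption: lsm= on the command line replaces CONFIG_LSM entirely.
    have_boot=0
    boot_list=
    for word in $cmdline; do
        case $word in
            lsm=*) boot_list=${word#lsm=}; have_boot=1 ;;
        esac
    done
    if [ "$have_boot" -eq 1 ]; then
        case ",$boot_list," in
            *,bpf,*) echo active-cmdline ;;
            *)       echo built-inactive ;;
        esac
        return 0
    fi

    # Otherwise the build-time default list decides.
    cfg_list=$(printf '%s\n' "$config" | sed -n 's/^CONFIG_LSM="\(.*\)"$/\1/p')
    case ",$cfg_list," in
        *,bpf,*) echo active-config ;;
        *)       echo built-inactive ;;
    esac
}

# Constructed sample: BPF LSM built in, but not in the default LSM list.
SAMPLE_CONFIG='CONFIG_BPF_LSM=y
CONFIG_LSM="lockdown,yama,integrity,apparmor"'

bpf_lsm_state "$SAMPLE_CONFIG" "ro quiet splash"
bpf_lsm_state "$SAMPLE_CONFIG" "ro quiet lsm=lockdown,yama,integrity,apparmor,bpf"
```

On a running system, /sys/kernel/security/lsm lists the LSMs that are actually active and is the authoritative place to confirm the result.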


