APPLIED[U]: [PATCH][G/H] UBUNTU: [Config] Enable CONFIG_BPF_LSM
Stefan Bader
stefan.bader at canonical.com
Fri Jan 22 09:14:25 UTC 2021
On 15.12.20 10:03, Andrea Righi wrote:
> On Mon, Nov 30, 2020 at 11:14:03PM +0000, KP Singh wrote:
>> From: KP Singh <kpsingh at google.com>
>>
>> Buglink: https://bugs.launchpad.net/bugs/1905975
>>
>> [Impact]
>>
>> Allows users to implement MAC and Audit Policies using BPF programs.
>>
>> The LSM won't be added to the list of active LSMs by default (in
>> CONFIG_LSM or lsm= on the boot parameters) yet, as it adds an indirect
>> function call overhead by registering an empty callback for all hooks.
>>
>> The LSM can be made "active" by default when the upstream effort [1] of
>> getting rid of this overhead is merged in the mainline kernel.
>>
>> [Regression Potential]
>>
>> Since the LSM is not active by default, it does not cause any
>> functional or performance regression.
>>
>> [1]: https://lore.kernel.org/bpf/20200820164753.3256899-1-jackmanb@chromium.org
>>
>> Signed-off-by: KP Singh <kpsingh at google.com>
>> ---
>
> Applied to unstable. Thanks.
I don't think we yet had a Hirsute kernel generally available that had this
turned on. Though I know I should be able to trust Kees, I still would like to
be cautious with Groovy and wait there was a chance to have this exposed in
Hirsute to a slightly bugger group.
-Stefan
>
> -Andrea
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20210122/e485ebbf/attachment.sig>
More information about the kernel-team
mailing list