APPLIED[U]: [PATCH][G/H] UBUNTU: [Config] Enable CONFIG_BPF_LSM
Stefan Bader
stefan.bader at canonical.com
Mon Jan 25 08:29:36 UTC 2021
On 22.01.21 20:31, Kelsey Skunberg wrote:
> On 2021-01-22 10:14:25 , Stefan Bader wrote:
>> On 15.12.20 10:03, Andrea Righi wrote:
>>> On Mon, Nov 30, 2020 at 11:14:03PM +0000, KP Singh wrote:
>>>> From: KP Singh <kpsingh at google.com>
>>>>
>>>> Buglink: https://bugs.launchpad.net/bugs/1905975
>>>>
>>>> [Impact]
>>>>
>>>> Allows users to implement MAC and Audit Policies using BPF programs.
>>>>
>>>> The LSM won't be added to the list of active LSMs by default (in
>>>> CONFIG_LSM or lsm= on the boot parameters) yet, as it adds an indirect
>>>> function call overhead by registering an empty callback for all hooks.
>>>>
>>>> The LSM can be made "active" by default when the upstream effort [1] of
>>>> getting rid of this overhead is merged in the mainline kernel.
>>>>
>>>> [Regression Potential]
>>>>
>>>> Since the LSM is not active by default, it does not cause any
>>>> functional or performance regression.
>>>>
>>>> [1]: https://lore.kernel.org/bpf/20200820164753.3256899-1-jackmanb@chromium.org
>>>>
>>>> Signed-off-by: KP Singh <kpsingh at google.com>
>>>> ---
>>>
>>> Applied to unstable. Thanks.
>>
>> I don't think we yet had a Hirsute kernel generally available that had this
>> turned on. Though I know I should be able to trust Kees, I still would like to
>> be cautious with Groovy and wait there was a chance to have this exposed in
>> Hirsute to a slightly bugger group.
>>
>> -Stefan
>
> Should this be treated as a NACK for Groovy on this patch for now?
No I would just leave it as pending. And once we have a bit of settling time in
hirsute we can add the second ack and pull it in.
-Stefan
>
> -Kelsey
>
>>>
>>> -Andrea
>>>
>>
>>
>
>
>
>
>> --
>> kernel-team mailing list
>> kernel-team at lists.ubuntu.com
>> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20210125/baecf73e/attachment.sig>
More information about the kernel-team
mailing list