ACK: [SRU][R:raspi/Q:raspi/N:raspi][PATCH 0/3] CONFIG_BPF_LSM not enabled in linux-raspi arm64 kernel (LP: #2150798)
Vinicius Peixoto
vinicius.peixoto at canonical.com
Wed May 6 08:51:41 UTC 2026
On Fri May 1, 2026 at 9:29 AM -03, Juerg Haefliger wrote:
> BugLink: https://bugs.launchpad.net/bugs/2150798
>
> [ Impact ]
>
> The linux-raspi kernel flavor on Ubuntu 24.04 (Noble) arm64 does not have
> CONFIG_BPF_LSM enabled, while linux-image-generic arm64 does. This prevents
> Raspberry Pi users from using BPF LSM programs for security enforcement, even
> via the lsm= boot parameter.
>
> The raspi config annotations in Noble explicitly override the parent kernel's
> setting:
>
> CONFIG_BPF_LSM policy<{'arm64': 'n'}> note<'Different from master'>
>
> Additionally, the 26.04 (Resolute) linux-raspi changelog for 7.0.0-1009 includes
> "[Config] Enable CONFIG_BPF_LSM", but debian.raspi/config/config.common.ubuntu
> still contains "# CONFIG_BPF_LSM is not set". This appears to be an incomplete
> rollout of the intended change.
>
>
> [ Test Case ]
>
> $ grep CONFIG_BPF_LSM /boot/config-$(uname -r)
> CONFIG_BPF_LSM=y
>
>
> [ Where Problems Could Occur ]
>
> Turning this on doesn't do anything by itself but badly written hooks can bring down the system.
Acked-by: Vinicius Peixoto <vinicius.peixoto at canonical.com>
More information about the kernel-team
mailing list