Snippets Groups Projects

Due to an influx of spam, we had to disable account registrations. If you don't have an account yet, please write an email to support@manjaro.org, with your desired username. Sorry for the inconvenience.

This is an archived project. Repository and other project resources are read-only.

Enable BPF LSM

Linux kernel since 5.7 allows to write eBPF programs which can be attached to LSM hooks. More details here:

https://www.kernel.org/doc/html/v5.9/bpf/bpf_lsm.html

There are already projects trying to leverage that:

systemd with the restrict-fs feature
- https://github.com/systemd/systemd/blob/main/src/core/bpf/restrict_fs/restrict-fs.bpf.c
https://github.com/linux-lock/bpflock
https://github.com/rancher-sandbox/lockc

However, BPF LSM has to be enabled by adding bpf to CONFIG_LSM.

That was already done in:

Without setting that variable in default configs, users who want to try the mentioned projects have to manually edit kernel parameters in /etc/default/grub, which is not really user-friendly.

Could we enable BPF LSM in Manjaro as well?

Edited 3 years ago

Designs

Child items ...

Activity

Michal Rostecki changed the description 3 years ago

changed the description
Michal Rostecki changed the description 3 years ago

changed the description
Bernhard Landauer mentioned in commit 93f3c245 3 years ago

mentioned in commit 93f3c245
Bernhard Landauer mentioned in commit linux516@541a3e3f 3 years ago

mentioned in commit linux516@541a3e3f
Bernhard Landauer closed 3 years ago

closed

Please register or sign in to reply

Due date

None

Health status

None

Confidentiality

Confidentiality controls have moved to the issue actions menu () at the top of the page.

0 Participants