APPLIED[U]: [PATCH][G/H] UBUNTU: [Config] Enable CONFIG_BPF_LSM

Kelsey Skunberg kelsey.skunberg at canonical.com
Fri Jan 22 19:31:50 UTC 2021


On 2021-01-22 10:14:25, Stefan Bader wrote:
> On 15.12.20 10:03, Andrea Righi wrote:
> > On Mon, Nov 30, 2020 at 11:14:03PM +0000, KP Singh wrote:
> >> From: KP Singh <kpsingh at google.com>
> >>
> >> Buglink: https://bugs.launchpad.net/bugs/1905975
> >>
> >> [Impact]
> >>
> >> Allows users to implement MAC and Audit Policies using BPF programs.
> >>
> >> The LSM won't be added to the list of active LSMs by default (in
> >> CONFIG_LSM or lsm= on the boot parameters) yet, as it adds an indirect
> >> function call overhead by registering an empty callback for all hooks.
> >>
> >> The LSM can be made "active" by default when the upstream effort [1] of
> >> getting rid of this overhead is merged in the mainline kernel.
> >>
> >> [Regression Potential]
> >>
> >> Since the LSM is not active by default, it does not cause any
> >> functional or performance regression.
> >>
> >> [1]: https://lore.kernel.org/bpf/20200820164753.3256899-1-jackmanb@chromium.org
> >>
> >> Signed-off-by: KP Singh <kpsingh at google.com>
> >> ---
> > 
> > Applied to unstable. Thanks.
> 
> I don't think we yet had a Hirsute kernel generally available that had this
> turned on. Though I know I should be able to trust Kees, I still would like to
> be cautious with Groovy and wait until there was a chance to have this exposed in
> Hirsute to a slightly bigger group.
> 
> -Stefan

Should this be treated as a NACK for Groovy on this patch for now?

-Kelsey

> > 
> > -Andrea
> > 
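The quoted commit message separates a kernel built with CONFIG_BPF_LSM from one where the BPF LSM is in the active list (CONFIG_LSM or lsm= on the boot parameters). The shell sketch below is an added example, not part of the thread or the patch; the function names and the SAMPLE_* config and command-line values are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify BPF LSM state from kernel config text and a command line.
# Function names and SAMPLE_* values are constructed for illustration.

# Succeeds if the build config compiles the BPF LSM in.
bpf_lsm_built() {
    printf '%s\n' "$1" | grep -qx 'CONFIG_BPF_LSM=y'
}

# Succeeds if "bpf" is one entry of a comma-separated LSM list.
lsm_list_has_bpf() {
    case ",$1," in
        *,bpf,*) return 0 ;;
    esac
    return 1
}

# Prints the LSM list the kernel will initialize: the last lsm= on the
# command line overrides CONFIG_LSM from the build config.
configured_lsm_list() {
    picked=''; found=0
    for word in $2; do
        case "$word" in
            lsm=*) picked=${word#lsm=}; found=1 ;;
        esac
    done
    if [ "$found" -eq 1 ]; then
        printf '%s\n' "$picked"
    else
        printf '%s\n' "$1" | sed -n 's/^CONFIG_LSM="\(.*\)"$/\1/p'
    fi
}

# Prints not-built, built-inactive, or active. Args: CONFIG_TEXT CMDLINE
bpf_lsm_state() {
    if ! bpf_lsm_built "$1"; then echo not-built; return 0; fi
    if lsm_list_has_bpf "$(configured_lsm_list "$1" "$2")"; then
        echo active
    else
        echo built-inactive
    fi
}

# Constructed sample input: BPF LSM compiled in but absent from CONFIG_LSM.
SAMPLE_CONFIG='CONFIG_BPF_LSM=y
CONFIG_LSM="lockdown,yama,integrity,apparmor"'
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz ro quiet'
SAMPLE_CMDLINE_OPTIN="$SAMPLE_CMDLINE lsm=lockdown,yama,integrity,apparmor,bpf"

echo "default boot: $(bpf_lsm_state "$SAMPLE_CONFIG" "$SAMPLE_CMDLINE")"
echo "lsm= opt-in:  $(bpf_lsm_state "$SAMPLE_CONFIG" "$SAMPLE_CMDLINE_OPTIN")"
```

On a running system, pass the contents of the kernel's build config and /proc/cmdline instead of the samples, and confirm the result against /sys/kernel/security/lsm, which lists the LSMs actually initialized at boot.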