APPLIED[G]/CMT: [PATCH][G/H] UBUNTU: [Config] Enable CONFIG_BPF_LSM
Kelsey Skunberg
kelsey.skunberg at canonical.com
Fri Mar 12 01:19:37 UTC 2021
Applied to Groovy master-next. Included the annotations changes, too.
Thank you!
-Kelsey
On 2020-11-30 23:14:03, KP Singh wrote:
> From: KP Singh <kpsingh at google.com>
>
> Buglink: https://bugs.launchpad.net/bugs/1905975
>
> [Impact]
>
> Allows users to implement MAC and Audit Policies using BPF programs.
>
> The LSM won't be added to the list of active LSMs by default (in
> CONFIG_LSM or lsm= on the boot parameters) yet, as it adds an indirect
> function call overhead by registering an empty callback for all hooks.
>
> The LSM can be made "active" by default when the upstream effort [1] of
> getting rid of this overhead is merged in the mainline kernel.
>
> [Regression Potential]
>
> Since the LSM is not active by default, it does not cause any
> functional or performance regression.
>
> [1]: https://lore.kernel.org/bpf/20200820164753.3256899-1-jackmanb@chromium.org
>
> Signed-off-by: KP Singh <kpsingh at google.com>
> ---
> debian.master/config/config.common.ubuntu | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu
> index c20145760f29..39f5fffcc641 100644
> --- a/debian.master/config/config.common.ubuntu
> +++ b/debian.master/config/config.common.ubuntu
> @@ -1216,7 +1216,7 @@ CONFIG_BPF_JIT=y
> CONFIG_BPF_JIT_ALWAYS_ON=y
> CONFIG_BPF_JIT_DEFAULT_ON=y
> CONFIG_BPF_KPROBE_OVERRIDE=y
> -# CONFIG_BPF_LSM is not set
> +CONFIG_BPF_LSM=y
> CONFIG_BPF_STREAM_PARSER=y
> CONFIG_BPF_SYSCALL=y
> CONFIG_BPQETHER=m
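Review bot: at `+CONFIG_BPF_LSM=y`, the reason the option is enabled while "bpf" stays out of CONFIG_LSM is recorded only in the commit message, and the diffstat shows config.common.ubuntu as the only file changed. Consider recording the option and that rationale (the indirect call overhead from the empty callbacks, to be revisited once [1] is merged) in the config annotations in the same patch, so a later config review neither adds "bpf" to the default LSM list nor drops the option without that context.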
> --
> 2.29.2.454.gaff20da3a2-goog
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
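The commit message above separates a kernel built with CONFIG_BPF_LSM=y from one where the BPF LSM is active (listed in CONFIG_LSM or lsm=). The following check for that distinction on a running system is an added example, not part of the original message or the Ubuntu kernel tree. It assumes the kernel config is at /boot/config-$(uname -r) and the active LSM list at /sys/kernel/security/lsm; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Default paths are assumptions; pass other files as arguments.

# Succeeds if the kernel config file $1 has CONFIG_BPF_LSM=y.
bpf_lsm_built() {
    grep -q '^CONFIG_BPF_LSM=y$' "$1" 2>/dev/null
}

# Succeeds if the comma-separated LSM list $1 contains "bpf" as a whole entry.
lsm_list_has_bpf() {
    case ",$1," in
        *,bpf,*) return 0 ;;
    esac
    return 1
}

# Prints the LSM list the kernel is asked to enable: the last lsm= in the
# command line string $2 if present, otherwise CONFIG_LSM from config file $1.
requested_lsms() {
    req=$(sed -n 's/^CONFIG_LSM="\(.*\)"$/\1/p' "$1" 2>/dev/null) || req=""
    for arg in $2; do
        case $arg in
            lsm=*) req=${arg#lsm=} ;;
        esac
    done
    printf '%s\n' "$req"
}

# Prints not-built, built-inactive or active.
# $1 = kernel config file, $2 = file holding the active LSM list.
bpf_lsm_state() {
    cfg=${1:-/boot/config-$(uname -r)}
    lsm=${2:-/sys/kernel/security/lsm}
    if ! bpf_lsm_built "$cfg"; then
        echo not-built
        return 0
    fi
    # An unreadable list (securityfs not mounted) is treated as inactive.
    active=$(cat "$lsm" 2>/dev/null) || active=""
    if lsm_list_has_bpf "$active"; then
        echo active
    else
        echo built-inactive
    fi
}
```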