Bug#1039896: systemd: Please consider enabling the BPF_FRAMEWORK config
Luca Boccassi
bluca at debian.org
Thu Jun 29 11:24:33 BST 2023
On Thu, 29 Jun 2023 10:16:19 +0000 undef <debian at undef.tools> wrote:
> Package: systemd
> Version: 252.6-1
> Severity: wishlist
> X-Debbugs-Cc: Undef <debian at undef.tools>
>
> Dear Maintainer,
>
> This config, enabled by adding `-DBPF_FRAMEWORK=true` would allow settings such as
> `IPAddressAllow` and `RestrictFileSystems` to be used to harden services on Debian systems.
>
> `CONFIG_BPF_LSM` seems to already be enabled in Debian's kernels so in theory the only
> change required should be adding the above setting to the Systemd build.

We intentionally kept it disabled as libbpf broke API and ABI recently,
and we don't want to be caught in the crossfire here, we need stable
interfaces.
Further in the trixie dev cycle we can see what the situation is, and
whether compatibility was maintained or it broke again, and re-evaluate.
--
Kind regards,
Luca Boccassi