quick google search comes up with: https://falco.org/docs/event-sources/kernel/ https://medium.com/@lumontec/some-freshness-with-linux-security-modules-and-ebpf-676ac363a135 https://blog.aquasec.com/linux-security-with-tracee-and-ebpf https://www.infoq.com/presentations/facebook-google-bpf-linux-kernel/ https://kubearmor.io
It's the generic hypothetical solutions that drives innovation to sw engineering. On Tue, Sep 26, 2023 at 6:30 PM Thadeu Lima de Souza Cascardo < 2036...@bugs.launchpad.net> wrote: > > BPF LSM is the only major LSM that has a potential platform available > for targeting generic sw security solutions and generic performance sw > solutions between multiple distros. > > So no specific software solution in mind? Only generic hypothetical > solutions? > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/2036281 > > Title: > activate bpf LSM by default > > Status in linux package in Ubuntu: > Incomplete > > Bug description: > in Fedora/RHEL if I want to see if the bpf LSM is active/available in > the kernel I can go here: > > [root@virtualrocky]# cat /sys/kernel/security/lsm > lockdown,capability,yama,selinux,bpf[root@virtualrocky]# > > but if I do the same thing in Ubuntu 22.0.4 bpf is NOT there: > > root@virtual-ubuntu2204:/# cat /sys/kernel/security/lsm > lockdown,capability,landlock,yama,apparmorroot@virtual-ubuntu2204:/# > > Please add bpf LSM to the CONFIG_LSM > > See discourse for background info > > https://discourse.ubuntu.com/t/ask-us-anything-about-ubuntu- > kernels/27664/127?u=why2jjj > > root@virtual-ubuntu2204:/opt/# cat /proc/version_signature > Ubuntu 5.15.0-82.91-generic 5.15.111 > > THANK YOU! > --- > ProblemType: Bug > ApportVersion: 2.20.11-0ubuntu82.5 > Architecture: amd64 > AudioDevicesInUse: > USER PID ACCESS COMMAND > /dev/snd/controlC0: jfreyensee 2526 F.... pulseaudio > CRDA: N/A > CasperMD5CheckResult: pass > CloudArchitecture: x86_64 > CloudID: none > CloudName: none > CloudPlatform: none > CloudSubPlatform: config > CurrentDesktop: ubuntu:GNOME > DistroRelease: Ubuntu 22.04 > InstallationDate: Installed on 2023-08-29 (17 days ago) > InstallationMedia: Ubuntu-Server 22.04.3 LTS "Jammy Jellyfish" - Release > amd64 (20230810) > MachineType: Parallels Software International Inc. Parallels Virtual > Platform > NonfreeKernelModules: prl_fs_freeze prl_fs prl_eth prl_tg > Package: linux (not installed) > ProcEnviron: > TERM=xterm-256color > PATH=(custom, no user) > LANG=en_US.UTF-8 > SHELL=/bin/bash > ProcFB: 0 virtio_gpudrmfb > ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-5.15.0-82-generic > root=/dev/mapper/ubuntu--vg-ubuntu--lv ro > ProcVersionSignature: Ubuntu 5.15.0-82.91-generic 5.15.111 > PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: No > PulseAudio daemon running, or not running as session daemon. > RebootRequiredPkgs: Error: path contained symlinks. > RelatedPackageVersions: > linux-restricted-modules-5.15.0-82-generic N/A > linux-backports-modules-5.15.0-82-generic N/A > linux-firmware > 20220329.git681281e4-0ubuntu3.18 > RfKill: > > Tags: jammy uec-images > Uname: Linux 5.15.0-82-generic x86_64 > UpgradeStatus: No upgrade log present (probably fresh install) > UserGroups: N/A > _MarkForUpload: True > dmi.bios.date: 07/03/2023 > dmi.bios.release: 18.3 > dmi.bios.vendor: Parallels Software International Inc. > dmi.bios.version: 18.3.2 (53621) > dmi.board.name: Parallels Virtual Platform > dmi.board.vendor: Parallels Software International Inc. > dmi.board.version: None > dmi.chassis.type: 2 > dmi.chassis.vendor: Parallels Software International Inc. > dmi.ec.firmware.release: 18.3 > dmi.modalias: > dmi:bvnParallelsSoftwareInternationalInc.:bvr18.3.2(53621):bd07/03/2023:br18.3:efr18.3:svnParallelsSoftwareInternationalInc.:pnParallelsVirtualPlatform:pvrNone:rvnParallelsSoftwareInternationalInc.:rnParallelsVirtualPlatform:rvrNone:cvnParallelsSoftwareInternationalInc.:ct2:cvr:skuUndefined: > dmi.product.family: Parallels VM > dmi.product.name: Parallels Virtual Platform > dmi.product.sku: Undefined > dmi.product.version: None > dmi.sys.vendor: Parallels Software International Inc. > > To manage notifications about this bug go to: > https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2036281/+subscriptions > > -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2036281 Title: activate bpf LSM by default Status in linux package in Ubuntu: Incomplete Bug description: in Fedora/RHEL if I want to see if the bpf LSM is active/available in the kernel I can go here: [root@virtualrocky]# cat /sys/kernel/security/lsm lockdown,capability,yama,selinux,bpf[root@virtualrocky]# but if I do the same thing in Ubuntu 22.0.4 bpf is NOT there: root@virtual-ubuntu2204:/# cat /sys/kernel/security/lsm lockdown,capability,landlock,yama,apparmorroot@virtual-ubuntu2204:/# Please add bpf LSM to the CONFIG_LSM See discourse for background info https://discourse.ubuntu.com/t/ask-us-anything-about-ubuntu- kernels/27664/127?u=why2jjj root@virtual-ubuntu2204:/opt/# cat /proc/version_signature Ubuntu 5.15.0-82.91-generic 5.15.111 THANK YOU! --- ProblemType: Bug ApportVersion: 2.20.11-0ubuntu82.5 Architecture: amd64 AudioDevicesInUse: USER PID ACCESS COMMAND /dev/snd/controlC0: jfreyensee 2526 F.... pulseaudio CRDA: N/A CasperMD5CheckResult: pass CloudArchitecture: x86_64 CloudID: none CloudName: none CloudPlatform: none CloudSubPlatform: config CurrentDesktop: ubuntu:GNOME DistroRelease: Ubuntu 22.04 InstallationDate: Installed on 2023-08-29 (17 days ago) InstallationMedia: Ubuntu-Server 22.04.3 LTS "Jammy Jellyfish" - Release amd64 (20230810) MachineType: Parallels Software International Inc. Parallels Virtual Platform NonfreeKernelModules: prl_fs_freeze prl_fs prl_eth prl_tg Package: linux (not installed) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) LANG=en_US.UTF-8 SHELL=/bin/bash ProcFB: 0 virtio_gpudrmfb ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-5.15.0-82-generic root=/dev/mapper/ubuntu--vg-ubuntu--lv ro ProcVersionSignature: Ubuntu 5.15.0-82.91-generic 5.15.111 PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: No PulseAudio daemon running, or not running as session daemon. RebootRequiredPkgs: Error: path contained symlinks. RelatedPackageVersions: linux-restricted-modules-5.15.0-82-generic N/A linux-backports-modules-5.15.0-82-generic N/A linux-firmware 20220329.git681281e4-0ubuntu3.18 RfKill: Tags: jammy uec-images Uname: Linux 5.15.0-82-generic x86_64 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: N/A _MarkForUpload: True dmi.bios.date: 07/03/2023 dmi.bios.release: 18.3 dmi.bios.vendor: Parallels Software International Inc. dmi.bios.version: 18.3.2 (53621) dmi.board.name: Parallels Virtual Platform dmi.board.vendor: Parallels Software International Inc. dmi.board.version: None dmi.chassis.type: 2 dmi.chassis.vendor: Parallels Software International Inc. dmi.ec.firmware.release: 18.3 dmi.modalias: dmi:bvnParallelsSoftwareInternationalInc.:bvr18.3.2(53621):bd07/03/2023:br18.3:efr18.3:svnParallelsSoftwareInternationalInc.:pnParallelsVirtualPlatform:pvrNone:rvnParallelsSoftwareInternationalInc.:rnParallelsVirtualPlatform:rvrNone:cvnParallelsSoftwareInternationalInc.:ct2:cvr:skuUndefined: dmi.product.family: Parallels VM dmi.product.name: Parallels Virtual Platform dmi.product.sku: Undefined dmi.product.version: None dmi.sys.vendor: Parallels Software International Inc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2036281/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
