Folks, a big +1 for enabling bpf LSM by default in the bootconfig.

We are maintainers of KubeArmor (kubearmor.io) and we see that BPF LSM
can go a long way in securing the k8s/containers/VM environments. Not
having BPF LSM by default is a hindrance in the security of these
systems. While we have not formally performance benchmarked BPF LSM, we
enable it for our users using a script (which is a pain) ... None of our
users have complained of the performance issue after enabling bpf-lsm.

-- 
https://bugs.launchpad.net/bugs/2036281

Title:
  activate bpf LSM by default

Status in linux package in Ubuntu:
  Incomplete

Bug description:
  in Fedora/RHEL if I want to see if the bpf LSM is active/available in
  the kernel I can go here:

  [root@virtualrocky]# cat /sys/kernel/security/lsm
  lockdown,capability,yama,selinux,bpf[root@virtualrocky]#

  but if I do the same thing in Ubuntu 22.0.4 bpf is NOT there:

  root@virtual-ubuntu2204:/# cat /sys/kernel/security/lsm
  lockdown,capability,landlock,yama,apparmorroot@virtual-ubuntu2204:/#

  Please add bpf LSM to the CONFIG_LSM

  See discourse for background info

  https://discourse.ubuntu.com/t/ask-us-anything-about-ubuntu-kernels/27664/127?u=why2jjj

  root@virtual-ubuntu2204:/opt/# cat /proc/version_signature 
  Ubuntu 5.15.0-82.91-generic 5.15.111

  THANK YOU!
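
The `cat /sys/kernel/security/lsm` comparison from the bug description, turned into a reusable check (an added example, not part of the report and not KubeArmor's script). It classifies a host as bpf active, built but not enabled, or not built, and prints the `lsm=` boot parameter that appends bpf to the current list. The function names are hypothetical, and the use of `CONFIG_BPF_LSM` and `/boot/config-$(uname -r)` is an assumption about where the build config lives.

```bash
#!/bin/sh
# Added example, not from the bug report. Paths are parameters so the
# functions run on constructed files as well as on a live host.

# lsm_active NAME [FILE]: 0 if NAME is in the comma-separated list, 1 if not,
# 2 if FILE is unreadable. The sysfs file has no trailing newline (see the
# transcripts in the report), so a failing read that got data is accepted.
lsm_active() {
    local file="${2:-/sys/kernel/security/lsm}"
    local list=""
    [ -r "$file" ] || return 2
    IFS= read -r list < "$file" || [ -n "$list" ] || return 2
    case ",$list," in
        *",$1,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# bpf_lsm_status [LSM_FILE] [CONFIG_FILE]: print one of
# active | built-not-enabled | not-built | unknown
bpf_lsm_status() {
    local lsm_file="${1:-/sys/kernel/security/lsm}"
    local cfg="${2:-/boot/config-$(uname -r)}"   # assumed config location
    local rc=0
    lsm_active bpf "$lsm_file" || rc=$?
    if [ "$rc" -eq 0 ]; then echo active
    elif [ "$rc" -eq 2 ] || [ ! -r "$cfg" ]; then echo unknown
    elif grep -q '^CONFIG_BPF_LSM=y$' "$cfg"; then echo built-not-enabled
    else echo not-built
    fi
}

# suggest_lsm_param [LSM_FILE]: print an lsm= boot parameter that keeps the
# current order and appends bpf; prints nothing if bpf is already active.
suggest_lsm_param() {
    local file="${1:-/sys/kernel/security/lsm}"
    local list=""
    lsm_active bpf "$file" && return 0
    IFS= read -r list < "$file" || [ -n "$list" ] || return 2
    printf 'lsm=%s,bpf\n' "$list"
}

# Demo: the Ubuntu list from the report plus a constructed config fragment.
demo=$(mktemp -d)
printf 'lockdown,capability,landlock,yama,apparmor' > "$demo/lsm"
printf 'CONFIG_BPF_LSM=y\n' > "$demo/config"     # constructed sample
bpf_lsm_status "$demo/lsm" "$demo/config"
suggest_lsm_param "$demo/lsm"
rm -rf "$demo"
```

On a live host, call `bpf_lsm_status` with no arguments; `built-not-enabled` means a boot parameter change is enough, while `not-built` means the kernel itself lacks the hook.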
