From: Ondrej Mosnacek <[email protected]> configs: enable BPF LSM on Fedora and ARK
We are going to want to enable BPF LSM in RHEL, so start building it on ARK and update the default LSM list so that it is enabled on boot by default (to enable testing). It should have almost no performance impact unless userspace attaches some BPF programs to the hooks. Users can still completely turn it off by adding lsm="yama,integrity,selinux" to the kernel command line. Signed-off-by: Ondrej Mosnacek <[email protected]> diff a/redhat/configs/common/generic/CONFIG_BPF_LSM b/redhat/configs/common/generic/CONFIG_BPF_LSM --- a/redhat/configs/common/generic/CONFIG_BPF_LSM +++ b/redhat/configs/common/generic/CONFIG_BPF_LSM @@ -1 +1 @@ -# CONFIG_BPF_LSM is not set +CONFIG_BPF_LSM=y diff a/redhat/configs/common/generic/CONFIG_LSM b/redhat/configs/common/generic/CONFIG_LSM --- a/redhat/configs/common/generic/CONFIG_LSM +++ b/redhat/configs/common/generic/CONFIG_LSM @@ -1 +1 @@ -CONFIG_LSM="yama,integrity,selinux" +CONFIG_LSM="yama,integrity,selinux,bpf" diff a/redhat/configs/fedora/generic/CONFIG_BPF_LSM b/redhat/configs/fedora/generic/CONFIG_BPF_LSM --- a/redhat/configs/fedora/generic/CONFIG_BPF_LSM +++ /dev/null @@ -1 +0,0 @@ -CONFIG_BPF_LSM=y -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/922 _______________________________________________ kernel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
