Bug#880615: linux-latest: systemd complains about CONFIG_BPF_SYSCALL not being set

2018-01-13 Thread Heinrich Schuchardt 

The systemd documentation at
https://github.com/systemd/systemd/blob/master/README
states:

Required for IPAddressDeny= and IPAddressAllow= in resource control unit 
settings:

CONFIG_CGROUP_BPF

Please, enable this in the kernel configuration.

Best regards

Heinrich Schuchardt

Processed: Re: Bug#880615: linux-latest: systemd complains about CONFIG_BPF_SYSCALL not being set

2017-12-24 Thread Debian Bug Tracking System 
Processing control commands:

> tags -1 + moreinfo
Bug #880615 [src:linux] linux-latest: systemd complains about 
CONFIG_BPF_SYSCALL not being set
Added tag(s) moreinfo.

-- 
880615: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880615
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#880615: linux-latest: systemd complains about CONFIG_BPF_SYSCALL not being set

2017-12-24 Thread Salvatore Bonaccorso 
Control: tags -1 + moreinfo

Hi

On Thu, Nov 02, 2017 at 12:45:33PM -0700, Francois Marier wrote:
> Source: linux-latest
> Version: 86
> Severity: normal
> 
> systemd complains in syslog about Debian kernels not supporting BPF/cgroup
> firewalling:
> 
>   systemd[1]: File /lib/systemd/system/systemd-udevd.service:32 configures an 
> IP firewall (IPAddressDeny=any), but the local system does not support 
> BPF/cgroup based firewalling.
>   systemd[1]: File /lib/systemd/system/systemd-logind.service:35 configures 
> an IP firewall (IPAddressDeny=any), but the local system does not support 
> BPF/cgroup based firewalling.
>   systemd[1]: File /lib/systemd/system/systemd-journald.service:33 configures 
> an IP firewall (IPAddressDeny=any), but the local system does not support 
> BPF/cgroup based firewalling.
> 
> According to this upstream bug:
> 
>   https://github.com/systemd/systemd/issues/7188
> 
> it's just a matter of adding the following to the kernel config:
> 
>   CONFIG_BPF_SYSCALL=y

CONFIG_BPF_SYSCALL=y is already set since 4.2.5-1. Should that be
CONFIG_CGROUP_BPF in addition (cf. #872560).

Regards,
Salvatore