> [ 1.904409] Lockdown: systemd: /dev/mem,kmem,port is restricted; see man 
> kernel_lockdown.7
> [ 1.907029] Lockdown: systemd: BPF is restricted; see man kernel_lockdown.7

these messages actually come from the kernel, I believe they are
expected (maybe only in secure boot mode, I haven't looked into the new
'lockdown' stuff yet).  The lack of 'kernel_lockdown' manpage appears to
be already reported in bug 1767971.

> [ 1.982629] systemd[1]: system-systemd\x2dfsck.slice: unit configures an IP 
> firewall,
> but the local system does not support BPF/cgroup firewalling.
> So there is still the mention about the local system not supporting BPF/cgroup
> firewalling (not sure if that is normal), 

Hmm, that probably needs a further look...can you open a new bug for
that, so we can use this one only to fix the scary systemd 'WITHOUT
firewalling' log?

> but the "Proceeding WITHOUT firewalling in effect!" warning is now gone with 
> the new systemd package.

great; thnx!

You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.

  "Proceeding WITHOUT firewalling in effect!" warning

Status in systemd package in Ubuntu:
  In Progress

Bug description:
  Hello everyone,

  I noticed a strange systemd warning in my kernel log about "Proceeding
  WITHOUT firewalling in effect!" There is an older Debian bug mention
  about this same issue and it is said there that it was fixed last
  year: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872560

  Release: Ubuntu 19.10, fresh install, latest updates with updates-testing 
repository enabled
  Systemd-package version: 242-7ubuntu3
  Kernel: Linux 5.3.0-21-generic

  Here is the relevant warning information via running sudo dmesg after

  [    2.096064] Lockdown: systemd: /dev/mem,kmem,port is restricted; see man 
  [    2.101034] Lockdown: systemd: BPF is restricted; see man kernel_lockdown.7
  [    2.136885] systemd[1]: File 
/lib/systemd/system/systemd-journald.service:12 configures an IP firewall 
(IPAddressDeny=any), but the local system does not support BPF/cgroup based 
  [    2.142209] systemd[1]: Proceeding WITHOUT firewalling in effect! (This 
warning is only shown for the first loaded unit using IP firewalling.)
  [    2.158190] systemd[1]: /lib/systemd/system/dbus.socket:4: ListenStream= 
references a path below legacy directory /var/run/, updating 
/var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update 
the unit file accordingly.
  [    2.197029] systemd[1]: Listening on Journal Socket.
  [    2.203708] systemd[1]: Starting Create list of required static device 
nodes for the current kernel...
  [    2.243900] bpfilter: Loaded bpfilter_umh pid 420
  #Continues normally from here without anything that seems odd

  The included attachment .txt has more information. From what I've read
  online from various bug trackers from other distributions this should
  be related to a missing kernel option (CONFIG_BPF_SYSCALL=y), but this
  option seems to be enabled:

  # Output after running in commandline: grep BPF /boot/config-`uname -r`
  # Kernel settings seem to be correct?

  Also my friend just installed 19.10 on his machine and is seeing the
  same warning, but I haven't found anyone else mentioning this issue at
  least on the latest Ubuntu 19.10. The same warning message is
  appearing if I run Ubuntu 19.10 in live mode from the USB stick.

  What I expected to happen: no such error (it doesn't appear on Fedora
  or openSUSE Tumbleweed that I've recently had installed on my other

  What happened instead: error appears during every boot sequence

  It's also worth stressing that the firewall is functioning just fine
  (using standard ufw) despite the error, so I'm guessing this is a
  harmless warning.

To manage notifications about this bug go to:

Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to