From: Ondrej Mosnacek <omosnace@xxxxxxxxxx> configs: enable BPF LSM on Fedora and ARK We are going to want to enable BPF LSM in RHEL, so start building it on ARK and update the default LSM list so that it is enabled on boot by default (to enable testing). It should have almost no performance impact unless userspace attaches some BPF programs to the hooks. Users can still completely turn it off by adding lsm="yama,integrity,selinux" to the kernel command line. Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> diff a/redhat/configs/common/generic/CONFIG_BPF_LSM b/redhat/configs/common/generic/CONFIG_BPF_LSM --- a/redhat/configs/common/generic/CONFIG_BPF_LSM +++ b/redhat/configs/common/generic/CONFIG_BPF_LSM @@ -1 +1 @@ -# CONFIG_BPF_LSM is not set +CONFIG_BPF_LSM=y diff a/redhat/configs/common/generic/CONFIG_LSM b/redhat/configs/common/generic/CONFIG_LSM --- a/redhat/configs/common/generic/CONFIG_LSM +++ b/redhat/configs/common/generic/CONFIG_LSM @@ -1 +1 @@ -CONFIG_LSM="lockdown,yama,integrity,selinux" +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" diff a/redhat/configs/fedora/generic/CONFIG_BPF_LSM b/redhat/configs/fedora/generic/CONFIG_BPF_LSM --- a/redhat/configs/fedora/generic/CONFIG_BPF_LSM +++ /dev/null @@ -1 +0,0 @@ -CONFIG_BPF_LSM=y -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/922 _______________________________________________ kernel mailing list -- kernel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to kernel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
