On Tue, Nov 03, 2020 at 11:13:53AM +0000, Daniel P. Berrangé wrote:
> On Tue, Nov 03, 2020 at 11:58:54AM +0100, Fabio Valentini wrote:
> > On Tue, Nov 3, 2020 at 11:49 AM Daniel P. Berrangé <berrange@xxxxxxxxxx> wrote:
> > >
> > > In QEMU there's a desire to make use of BPF programs for implementing
> > > some networking features. The current patches are proposing adding
> > > prebuilt BPF byte code to the QEMU repo, with source available, but
> > > not actually building from source during a build.
> > >
> > > I was wondering if we had any specific guidance or rules covering the
> > > shipping BPF programs in particular ?
> > >
> > > To me it feels like BPF programs should fall under normal Fedora
> > > practice that expects everything to be built from master source.
> > >
> > > We do have the exception that allows firmware to be shipped as
> > > pre-built blobs, but I'm thinking that BPF programs could not
> > > be considered as firmware.
> > >
> > > Has this been discussed before, if so can someone point to the
> > > results, as I'm not finding anything specific to BPF programs and
> > > Fedora packaging via Google.
> > >
> > > Regards,
> > > Daniel
> >
> > If there are no specialized Packaging Guidelines for something, then
> > the general guidelines apply - so in this case, compiling from source
> > is required, since Fedora packages MUST NOT ship precompiled binaries.
> >
> > Side note: Regarding BPF programs - I seem to remember that recent
> > kernel security features (the Lockdown patches?) restricted and/or
> > disabled the ability to run BPF programs at all. Have you considered
> > that by default, those BPF programs might not be able to run under the
> > Fedora default configuration?
>
> Yes, that is one of the issues raised upstream by other people.

BPF appears to only be restricted if lockdown is running in
"confidentiality mode", not "integrity mode", with the latter
used in Fedora now according to

  https://bugzilla.redhat.com/show_bug.cgi?id=1815571#c3

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|