On Thu, Feb 15, 2018 at 1:30 PM, Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx> wrote:
> Specifically for android we added bpf_lsm hooks, cookie/uid helpers,
> and read-only maps.
> Lorenzo,
> there was a claim in this thread that bpf is disabled on android.
> Can you please clarify ?

It's not compiled out, at least at the moment. https://android.googlesource.com/kernel/configs/+/master/android-4.9/android-base.cfg has CONFIG_BPF_SYSCALL=y.

As with many things on Android, use of EBPF is (heavily) restricted via selinux, and I'm not aware of any plans to allow unprivileged applications to use EBPF, or even of any use cases other than network accounting. Even for this use case, we're looking at having the program being completely read-only and baked into the system image.

I definitely don't have a complete view of things though. Also, bear in mind that none of this code has been released yet, so things could change.