Bug#1039896: systemd: Please consider enabling the BPF_FRAMEWORK config

Thu, 29 Jun 2023 03:21:22 -0700 

Package: systemd
Version: 252.6-1
Severity: wishlist
X-Debbugs-Cc: Undef <debian@undef.tools>

Dear Maintainer,

This config, enabled by adding `-DBPF_FRAMEWORK=true` would allow settings such 
as 
`IPAddressAllow` and RestrictFileSystems` to be used to harden services on 
Debian systems.

`CONFIG_BPF_LSM` seems to already be enabled in Debian's kernels so in theory 
the only 
change required should be adding the above setting to the Systemd build.

Thank you for considering.

-- Package-specific info:

-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.35-1.qubes.fc32.x86_64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages systemd depends on:
ii  libacl1            2.3.1-3
ii  libaudit1          1:3.0.9-1
ii  libblkid1          2.38.1-5+b1
ii  libc6              2.36-9
ii  libcap2            1:2.66-4
ii  libcryptsetup12    2:2.6.1-4~deb12u1
ii  libfdisk1          2.38.1-5+b1
ii  libgcrypt20        1.10.1-3
ii  libkmod2           30+20221128-1
ii  liblz4-1           1.9.4-1
ii  liblzma5           5.4.1-0.2
ii  libmount1          2.38.1-5+b1
ii  libp11-kit0        0.24.1-2
ii  libseccomp2        2.5.4-1+b3
ii  libselinux1        3.4-1+b6
ii  libssl3            3.0.9-1
ii  libsystemd-shared  252.6-1
ii  libsystemd0        252.6-1
ii  libzstd1           1.5.4+dfsg2-5
ii  mount              2.38.1-5+b1

Versions of packages systemd recommends:
ii  dbus [default-dbus-system-bus]   1.14.6-1
ii  systemd-timesyncd [time-daemon]  252.6-1

Versions of packages systemd suggests:
ii  libfido2-1            1.12.0-2+b1
ii  libqrencode4          4.1.1-1
pn  libtss2-esys-3.0.2-0  <none>
pn  libtss2-mu0           <none>
pn  libtss2-rc0           <none>
ii  policykit-1           122-3
ii  polkitd               122-3
pn  systemd-boot          <none>
ii  systemd-container     252.6-1
pn  systemd-homed         <none>
ii  systemd-resolved      252.6-1
pn  systemd-userdbd       <none>

Versions of packages systemd is related to:
ii  dbus-user-session  1.14.6-1
pn  dracut             <none>
ii  initramfs-tools    0.142
ii  libnss-systemd     252.6-1
ii  libpam-systemd     252.6-1
ii  udev               252.6-1

-- no debconf information

Reply via email to