On Thu, 29 Jun 2023 10:16:19 +0000 undef <debian@undef.tools> wrote:
> Package: systemd
> Version: 252.6-1
> Severity: wishlist
> X-Debbugs-Cc: Undef <debian@undef.tools>
>
> Dear Maintainer,
>
> This config, enabled by adding `-DBPF_FRAMEWORK=true` would allow settings such as
> `IPAddressAllow` and `RestrictFileSystems` to be used to harden services on Debian systems.
>
> `CONFIG_BPF_LSM` seems to already be enabled in Debian's kernels so in theory the only
> change required should be adding the above setting to the Systemd build.

We intentionally kept it disabled as libbpf broke API and ABI recently, and we don't want to be caught in the crossfire here; we need stable interfaces. Further in the trixie dev cycle we can see what the situation is, and whether compatibility was maintained or it broke again, and re-evaluate.

-- 
Kind regards,
Luca Boccassi