On Thu, 29 Jun 2023 11:24:33 +0100 Luca Boccassi <bl...@debian.org> wrote:
On Thu, 29 Jun 2023 10:16:19 +0000 undef <debian@undef.tools> wrote:
> Package: systemd
> Version: 252.6-1
> Severity: wishlist
> X-Debbugs-Cc: Undef <debian@undef.tools>
>
> Dear Maintainer,
>
> This config, enabled by adding `-DBPF_FRAMEWORK=true` would allow settings such as
> `IPAddressAllow` and `RestrictFileSystems` to be used to harden services on Debian systems.
>
> `CONFIG_BPF_LSM` seems to already be enabled in Debian's kernels so in theory the only
> change required should be adding the above setting to the Systemd build.

We intentionally kept it disabled as libbpf broke API and ABI recently, and we don't want to be caught in the crossfire here, we need stable interfaces. Further in the trixie dev cycle we can see what the situation is, and whether compatibility was maintained or it broke again, and re-evaluate.

Nod, being a bit more cautious and letting libbpf development settle a bit seems like a reasonable idea.
Michael
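
A host-side check for the two prerequisites discussed in this thread, as an added example that is not part of the original messages or of systemd: whether the installed systemd was built with `+BPF_FRAMEWORK`, and whether the `bpf` LSM is active (a kernel built with `CONFIG_BPF_LSM` still needs `bpf` in its active LSM list). The function names and the sample strings are constructed for illustration; it assumes the feature string printed by `systemctl --version` and the list in `/sys/kernel/security/lsm`.

```shell
#!/bin/sh
# Added example: can RestrictFileSystems= take effect on this host?
# Inputs are passed as strings so the logic can be exercised offline.

# has_feature FEATURES NAME -> 0 only if the exact token "+NAME" is present
has_feature() {
    for f in $1; do
        if [ "$f" = "+$2" ]; then return 0; fi
    done
    return 1
}

# lsm_active LSM_LIST NAME -> 0 if NAME is an entry of the comma-separated list
lsm_active() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# bpf_hardening_status FEATURES LSM_LIST -> prints one status word
bpf_hardening_status() {
    if ! has_feature "$1" BPF_FRAMEWORK; then
        echo "no-bpf-framework"   # systemd built without -DBPF_FRAMEWORK=true
    elif ! lsm_active "$2" bpf; then
        echo "bpf-lsm-inactive"   # CONFIG_BPF_LSM may be set, but bpf is not in the LSM list
    else
        echo "ok"
    fi
}

# Constructed sample inputs (not captured from a real system)
SAMPLE_FEATURES_OFF="+PAM +SECCOMP -BPF_FRAMEWORK +UTMP"
SAMPLE_FEATURES_ON="+PAM +SECCOMP +BPF_FRAMEWORK +UTMP"
SAMPLE_LSM_NO_BPF="lockdown,capability,landlock,yama,apparmor"
SAMPLE_LSM_BPF="lockdown,capability,landlock,yama,apparmor,bpf"

# Live check: run the script with --live on the host being assessed
if [ "${1:-}" = "--live" ]; then
    bpf_hardening_status "$(systemctl --version)" \
        "$(cat /sys/kernel/security/lsm)"
fi
```

A result other than `ok` means a unit that sets `RestrictFileSystems=` should not be counted as hardened by it on that host.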