Control: close -1 256~rc1-1

On Thu, 24 Aug 2023 11:45:41 +0200 Michael Biebl <bi...@debian.org> wrote:
> On Thu, 29 Jun 2023 11:24:33 +0100 Luca Boccassi <bl...@debian.org> wrote:
> > On Thu, 29 Jun 2023 10:16:19 +0000 undef <debian@undef.tools> wrote:
> > > Package: systemd
> > > Version: 252.6-1
> > > Severity: wishlist
> > > X-Debbugs-Cc: Undef <debian@undef.tools>
> > >
> > > Dear Maintainer,
> > >
> > > This config, enabled by adding `-DBPF_FRAMEWORK=true` would allow settings such as
> > > `IPAddressAllow` and `RestrictFileSystems` to be used to harden services on Debian systems.
> > >
> > > `CONFIG_BPF_LSM` seems to already be enabled in Debian's kernels so in theory the only
> > > change required should be adding the above setting to the Systemd build.
> >
> > We intentionally kept it disabled as libbpf broke API and ABI recently,
> > and we don't want to be caught in the crossfire here, we need stable
> > interfaces.
> > Further in the trixie dev cycle we can see what the situation is, and
> > whether compatibility was maintained or it broke again, and re-evaluate.
>
> Nod, being a bit more cautious and letting libbpf development settle a
> bit seems like a reasonable idea.

A year later and things seem to have settled now, and there are more and
more features needing this (like the nsresourced stuff), so it is now
enabled.

-- 
Kind regards,
Luca Boccassi
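A host-side check for the dependency discussed in this thread, added here as an example and not taken from the thread or from systemd: it reports whether `RestrictFileSystems=` can take effect, given the `systemctl --version` feature list and the active LSM list. It goes one step beyond the thread by also requiring `bpf` in `/sys/kernel/security/lsm`, since `CONFIG_BPF_LSM` being compiled in does not by itself activate the LSM. The function names are hypothetical and the sample strings are constructed and abbreviated.

```shell
#!/bin/sh
# Added example. Inputs are passed as strings so the logic runs offline.

# has_bpf_framework "<systemctl --version output>"
# Succeeds only when the feature list contains +BPF_FRAMEWORK.
has_bpf_framework() {
    case " $(printf '%s' "$1" | tr '\n' ' ') " in
        *" +BPF_FRAMEWORK "*) return 0 ;;
        *) return 1 ;;
    esac
}

# has_bpf_lsm "<contents of /sys/kernel/security/lsm>"
# Succeeds only when "bpf" is one of the comma-separated active LSMs.
has_bpf_lsm() {
    case ",$(printf '%s' "$1" | tr -d ' \n')," in
        *,bpf,*) return 0 ;;
        *) return 1 ;;
    esac
}

# restrict_fs_status VERSION_OUTPUT LSM_LIST
# Prints: no-bpf-framework | bpf-lsm-inactive | supported
restrict_fs_status() {
    if ! has_bpf_framework "$1"; then
        echo "no-bpf-framework"      # systemd built without -DBPF_FRAMEWORK=true
    elif ! has_bpf_lsm "$2"; then
        echo "bpf-lsm-inactive"      # kernel may have CONFIG_BPF_LSM, but bpf is not active
    else
        echo "supported"
    fi
}

# Constructed, abbreviated samples (not captured from a real system).
SAMPLE_OLD='systemd 252 (252.6-1)
+PAM +AUDIT +SELINUX +APPARMOR -BPF_FRAMEWORK -XKBCOMMON +UTMP'
SAMPLE_NEW='systemd 256 (256~rc1-1)
+PAM +AUDIT +SELINUX +APPARMOR +BPF_FRAMEWORK -XKBCOMMON +UTMP'
SAMPLE_LSM_DEFAULT='lockdown,capability,landlock,yama,apparmor'
SAMPLE_LSM_BPF='lockdown,capability,landlock,yama,apparmor,bpf'

# On a live host, run the script with --live to evaluate the real values.
if [ "${1:-}" = "--live" ]; then
    restrict_fs_status "$(systemctl --version)" \
        "$(cat /sys/kernel/security/lsm 2>/dev/null)"
fi
```

A result other than `supported` means a unit's `RestrictFileSystems=` line should not be counted as an effective hardening control on that host.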