> Adding BPF LSM by default will cause memory and CPU impact to all users

Is there a paper study out there that shows the memory and CPU impact for all users when turning on BPF LSM to active? That would be interesting considering that RHEL solutions have the BPF LSM active by default, so I assume that in their observations, memory and CPU impact for users is negligible.

How did Landlock get chosen to be an active configured LSM by default? What was the compelling reason there? I can't imagine the memory/CPU impact for Landlock is that much less than BPF LSM. Landlock is a newer LSM vs BPF LSM so, if anything, that will impact the user because Landlock is a newer LSM, so it has more potential bugs.

My compelling reasoning would be promoting easier adaptability of BPF solutions in industry, as well as testing (BPF is always active like Landlock, AppArmor, etc). BPF LSM is the only major LSM that has a potential platform available for targeting generic sw security solutions and generic performance sw solutions between multiple distros.

--
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2036281

Title:
  activate bpf LSM by default

Status in linux package in Ubuntu:
  Incomplete

Bug description:
  In Fedora/RHEL, if I want to see if the bpf LSM is active/available in the kernel I can go here:

  [root@virtualrocky]# cat /sys/kernel/security/lsm
  lockdown,capability,yama,selinux,bpf[root@virtualrocky]#

  but if I do the same thing in Ubuntu 22.0.4, bpf is NOT there:

  root@virtual-ubuntu2204:/# cat /sys/kernel/security/lsm
  lockdown,capability,landlock,yama,apparmorroot@virtual-ubuntu2204:/#

  Please add bpf LSM to the CONFIG_LSM

  See Discourse for background info:
  https://discourse.ubuntu.com/t/ask-us-anything-about-ubuntu-kernels/27664/127?u=why2jjj

  root@virtual-ubuntu2204:/opt/# cat /proc/version_signature
  Ubuntu 5.15.0-82.91-generic 5.15.111

  THANK YOU!
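
The check from the bug description, as an added example that is not part of the original report or of any Ubuntu tooling: it tests whether `bpf` is in the active LSM list and, if not, whether the kernel was at least built with `CONFIG_BPF_LSM=y`, in which case it prints an `lsm=` boot parameter that appends `bpf` to the current list. The function names are hypothetical; the script assumes the kernel honours the `lsm=` boot parameter and that the distro ships its build config at `/boot/config-$(uname -r)`.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the bug report.

# The two LSM lists shown in the bug description.
ROCKY_LSMS='lockdown,capability,yama,selinux,bpf'
UBUNTU_LSMS='lockdown,capability,landlock,yama,apparmor'

# lsm_active NAME LIST: succeed if NAME is a whole element of the
# comma-separated LIST (so "bpf" does not match a longer name).
lsm_active() {
    case ",$2," in
        *",$1,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# lsm_param NAME LIST: print an lsm= boot parameter that keeps the
# order of LIST and appends NAME only when it is missing.
lsm_param() {
    if lsm_active "$1" "$2"; then
        printf 'lsm=%s\n' "$2"
    else
        printf 'lsm=%s,%s\n' "$2" "$1"
    fi
}

# bpf_lsm_built CONFIG_FILE: succeed if the kernel config enables BPF LSM.
bpf_lsm_built() {
    grep -qx 'CONFIG_BPF_LSM=y' "$1" 2>/dev/null
}

# lsm_report: inspect the running system. $(cat ...) also copes with the
# missing trailing newline visible in the terminal output above.
lsm_report() {
    list=$(cat /sys/kernel/security/lsm 2>/dev/null) || return 2
    cfg="/boot/config-$(uname -r)"   # assumed config location
    if lsm_active bpf "$list"; then
        echo "bpf LSM is active: $list"
    elif bpf_lsm_built "$cfg"; then
        echo "bpf LSM is built but not enabled; boot with: $(lsm_param bpf "$list")"
    else
        echo "bpf LSM is not active and CONFIG_BPF_LSM=y was not found in $cfg"
    fi
}

if [ "${1:-}" = "report" ]; then lsm_report; fi
```

Run it with the argument `report` on the host to be checked; BPF LSM programs can only attach once `bpf` appears in `/sys/kernel/security/lsm` after a reboot.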