The bpf-framework is used to pre-compile the eBPF programs that are required for the systemd.resource-control features RestrictFileSystems=[1] and RestrictNetworkInterfaces=[2] to work.
Apart from 'clang-native' to compile the eBPFs, the required kernel switches are described in [3].
Link: https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#RestrictFileSystems=
Link: https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#RestrictNetworkInterfaces=
Link: https://kinvolk.io/blog/2021/04/extending-systemd-security-features-with-ebpf/
Signed-off-by: Johannes Schneider <johannes.schnei...@leica-geosystems.com>
---
 meta/recipes-core/systemd/systemd_255.6.bb | 1 +
 1 file changed, 1 insertion(+)
diff --git a/meta/recipes-core/systemd/systemd_255.6.bb b/meta/recipes-core/systemd/systemd_255.6.bb
index 15b631fc07..defdb15620 100644
--- a/meta/recipes-core/systemd/systemd_255.6.bb
+++ b/meta/recipes-core/systemd/systemd_255.6.bb
@@ -132,6 +132,7 @@ PACKAGECONFIG[acl] = "-Dacl=true,-Dacl=false,acl"
 PACKAGECONFIG[audit] = "-Daudit=true,-Daudit=false,audit"
 PACKAGECONFIG[backlight] = "-Dbacklight=true,-Dbacklight=false"
 PACKAGECONFIG[binfmt] = "-Dbinfmt=true,-Dbinfmt=false"
+PACKAGECONFIG[bpf-framework] = "-Dbpf-framework=true,-Dbpf-framework=false,clang-native bpftool-native libbpf,libbpf"
 PACKAGECONFIG[bzip2] = "-Dbzip2=true,-Dbzip2=false,bzip2"
 PACKAGECONFIG[cgroupv2] = "-Ddefault-hierarchy=unified,-Ddefault-hierarchy=hybrid"
 PACKAGECONFIG[coredump] = "-Dcoredump=true,-Dcoredump=false"
-- 
2.34.1
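Review bot: The added `PACKAGECONFIG[bpf-framework]` line has no in-recipe comment about its kernel-side prerequisites; the commit message only points to an external blog post for them. This matters for hardening because, as far as I recall from the systemd.resource-control documentation, RestrictFileSystems= and RestrictNetworkInterfaces= have no effect when the kernel lacks the needed BPF support or the unified cgroup hierarchy is not in use. An image could then ship units that look restricted but are not. I would add a comment directly above the new line, for example `# bpf-framework: RestrictFileSystems=/RestrictNetworkInterfaces= are only enforced with kernel BPF LSM support (e.g. CONFIG_BPF_LSM and "bpf" in the active LSM list)` followed by `# and the unified cgroup hierarchy (see PACKAGECONFIG[cgroupv2]); otherwise the settings are ignored.` The exact kernel options should be confirmed against the reference linked in the commit message before merging the comment.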