Commit 6e6bf365 authored Jan 29, 2024 by bitcoffee

lsm: enable CONFIG_BPF_LSM for use bpf in lsm program

euler inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I8N9IB


CVE: NA

---------------------------------------

Enable CONFIG_BPF_LSM to support ebpf functionality is of
great significance in scenarios such as kernel security
reinforcement and container escape, kernel authorization,
and sensitive file tampering prevention, making it easy to
intercept sensitive/dangerous function operations.

Signed-off-by: bitcoffee <liuxin350@huawei.com>

parent f3ae85d1

arch/arm64/configs/openeuler_defconfig

+1 −1

Original line number	Diff line number	Diff line
		@@ -87,7 +87,7 @@ CONFIG_BPF_JIT_ALWAYS_ON=y
		CONFIG_BPF_JIT_DEFAULT_ON=y
		# CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
		# CONFIG_BPF_PRELOAD is not set
		# CONFIG_BPF_LSM is not set
		CONFIG_BPF_LSM=y
		CONFIG_BPF_SCHED=y
		# end of BPF subsystem

arch/x86/configs/openeuler_defconfig

+1 −1

Original line number	Diff line number	Diff line
		@@ -105,7 +105,7 @@ CONFIG_BPF_JIT_ALWAYS_ON=y
		CONFIG_BPF_JIT_DEFAULT_ON=y
		# CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
		# CONFIG_BPF_PRELOAD is not set
		# CONFIG_BPF_LSM is not set
		CONFIG_BPF_LSM=y
		CONFIG_BPF_SCHED=y
		# end of BPF subsystem