linux-4.19.37: Configure CGROUP_BPF

Configure CONFIG_BPF_SYSCALL and CONFIG_CGROUP_BPF, so that systemd services can use network filtering options. See `man systemd.resource-control`. This should avoid the warnings systemd[1]: File /lib/systemd/system/systemd-journald.service:12 configures an IP firewall (IPAddressDeny=any), but the local system does not support B systemd[1]: Proceeding WITHOUT firewalling in effect! (This warning is only shown for the first loaded unit using IP firewalling.) during boot. CONFIG_BPF_SYSCALL: Enable the bpf() system call that allows to manipulate eBPF programs and maps via file descriptors. CONFIG_CGROUP_BPF: Allow attaching eBPF programs to a cgroup using the bpf(2) syscall command BPF_PROG_ATTACH. In which context these programs are accessed depends on the type of attachment. For instance, programs that are attached using BPF_CGROUP_INET_INGRESS will be executed on the ingress path of inet sockets.
mariux64 · May 2, 2019 · 6cd982c · 6cd982c
1 parent 34567c4
commit 6cd982c
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/linux-4.19.37-260.bee b/linux-4.19.37-260.bee
@@ -109,9 +109,11 @@ mee_configure() {
 	CONFIG_CGROUP_DEVICE=y
 	CONFIG_CGROUP_CPUACCT=y
 	CONFIG_CGROUP_PERF=y
+	CONFIG_CGROUP_BPF=y
 	CONFIG_CGROUP_DEBUG=y
 	CONFIG_USER_NS=y
 	CONFIG_BLK_DEV_INITRD=y
+	CONFIG_BPF_SYSCALL=y
 	CONFIG_SLAB=y
 	CONFIG_SMP=y
 	CONFIG_GART_IOMMU=y