From 6cd982c5f0db93c1556db47a7d79c7e31cca16df Mon Sep 17 00:00:00 2001 From: Donald Buczek Date: Thu, 2 May 2019 09:28:34 +0200 Subject: [PATCH] linux-4.19.37: Configure CGROUP_BPF Configure CONFIG_BPF_SYSCALL and CONFIG_CGROUP_BPF, so that systemd services can use network filtering options. See `man systemd.resource-control`. This should avoid the warnings systemd[1]: File /lib/systemd/system/systemd-journald.service:12 configures an IP firewall (IPAddressDeny=any), but the local system does not support B systemd[1]: Proceeding WITHOUT firewalling in effect! (This warning is only shown for the first loaded unit using IP firewalling.) during boot. CONFIG_BPF_SYSCALL: Enable the bpf() system call that allows to manipulate eBPF programs and maps via file descriptors. CONFIG_CGROUP_BPF: Allow attaching eBPF programs to a cgroup using the bpf(2) syscall command BPF_PROG_ATTACH. In which context these programs are accessed depends on the type of attachment. For instance, programs that are attached using BPF_CGROUP_INET_INGRESS will be executed on the ingress path of inet sockets. --- linux-4.19.37-260.bee | 2 ++ 1 file changed, 2 insertions(+) diff --git a/linux-4.19.37-260.bee b/linux-4.19.37-260.bee index b07fbe136..ad5f99782 100755 --- a/linux-4.19.37-260.bee +++ b/linux-4.19.37-260.bee @@ -109,9 +109,11 @@ mee_configure() { CONFIG_CGROUP_DEVICE=y CONFIG_CGROUP_CPUACCT=y CONFIG_CGROUP_PERF=y + CONFIG_CGROUP_BPF=y CONFIG_CGROUP_DEBUG=y CONFIG_USER_NS=y CONFIG_BLK_DEV_INITRD=y + CONFIG_BPF_SYSCALL=y CONFIG_SLAB=y CONFIG_SMP=y CONFIG_GART_IOMMU=y