]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
projects / thirdparty / openembedded / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 04f8e76) | patch
systemd: add PACKAGECONFIG for bpf-framework
authorJohannes Schneider <johannes.schneider@leica-geosystems.com>
Thu, 20 Jun 2024 11:51:25 +0000 (13:51 +0200)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Tue, 25 Jun 2024 10:49:54 +0000 (11:49 +0100)
commit6f90320bf3028a67d1fd444dfaa62f3888066ea4
treec2bcd4ea9b47a7f6306e0b479198feab9e05f3a2tree | snapshot
parent04f8e7659e085a52165e1b5ad905974e821ecdd6commit | diff
systemd: add PACKAGECONFIG for bpf-framework

The bpf-framework is used to pre-compile eBPFs that required for the
systemd.resource-control features RestrictFileSystems=[1] and
RestrictNetworkInterfaces=[2] to work.

Apart from 'clang-native' to compile the eBPFs, the required kernel
switches are described in [3].

Link: https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#RestrictFileSystems=
Link: https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#RestrictNetworkInterfaces=
Link: https://kinvolk.io/blog/2021/04/extending-systemd-security-features-with-ebpf/
Signed-off-by: Johannes Schneider <johannes.schneider@leica-geosystems.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
meta/recipes-core/systemd/systemd_255.6.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core