git.ipfire.org Git - thirdparty/systemd.git/commitdiff
README: document LSM BPF requirements
author: Iago López Galeiras <iagol@microsoft.com>
Tue, 22 Dec 2020 19:27:50 +0000 (20:27 +0100)
committer: Iago Lopez Galeiras <iagol@microsoft.com>
Wed, 6 Oct 2021 08:52:15 +0000 (10:52 +0200)
README

diff --git a/README b/README
index 6a151a49e9e97bb69068b90366a3a00e680b3351..3811abfe06056ba28c9f5812cc89e981bea8ff69 100644 (file)
--- a/README
+++ b/README
@@ -35,7 +35,7 @@ REQUIREMENTS:
         Linux kernel >= 4.17 for cgroup-bpf socket address hooks
         Linux kernel >= 5.3 for bounded-loops in BPF program
         Linux kernel >= 5.4 for signed Verity images support
-        Linux kernel >= 5.7 for BPF links
+        Linux kernel >= 5.7 for BPF links and the BPF LSM hook
 
         Kernel Config Options:
           CONFIG_DEVTMPFS
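Review bot: The changed line "Linux kernel >= 5.7 for BPF links and the BPF LSM hook" does not say which systemd feature depends on the BPF LSM hook, while the other entries in this list name a concrete capability (socket address hooks, signed Verity images). The second hunk ties the hook to RestrictFileSystems=, so consider giving it its own entry here, for example "Linux kernel >= 5.7 for the BPF LSM hook (RestrictFileSystems=)", so a reader checking minimum kernel versions can see what they lose on an older kernel.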
@@ -119,6 +119,13 @@ REQUIREMENTS:
         Required for signed Verity images support:
           CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
 
+        Required for RestrictFileSystems= in service units:
+          CONFIG_BPF
+          CONFIG_BPF_SYSCALL
+          CONFIG_BPF_LSM
+          CONFIG_DEBUG_INFO_BTF
+          CONFIG_LSM="...,bpf" or kernel booted with lsm="...,bpf".
+
         We recommend to turn off Real-Time group scheduling in the
         kernel when using systemd. RT group scheduling effectively
         makes RT scheduling unavailable for most userspace, since it
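Review bot: The new "Required for RestrictFileSystems= in service units:" block lists the kernel options but does not say what happens when they are missing, and for a sandboxing setting that is the part an administrator needs: whether the unit fails to start or runs without the restriction. Please add a sentence stating the behaviour. Two smaller points on the last added line: it ends with a period, unlike the other option entries such as CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG, and it puts a Kconfig value and a boot parameter in one entry, so it would read more clearly split in two, with a note that "bpf" has to be in the active LSM list and that CONFIG_BPF_LSM on its own is not enough.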