[Kernel-packages] [Bug 2036281] Re: activate bpf LSM by default

2024-01-16 Thread Launchpad Bug Tracker
[Expired for linux (Ubuntu) because there has been no activity for 60 days.]
** Changed in: linux (Ubuntu)
   Status: Incomplete => Expired
--
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bu

[Kernel-packages] [Bug 2036281] Re: activate bpf LSM by default

2023-11-17 Thread Rahul Jadhav
Folks, A big +1 for enabling bpf LSM by default in the bootconfig. We are maintainers of KubeArmor (kubearmor.io) and we see that BPF LSM can go a long way in securing the k8s/containers/VM environments. Not having BPF LSM by default is a hindrance in the security of these systems. While we have n

Re: [Kernel-packages] [Bug 2036281] Re: activate bpf LSM by default

2023-10-13 Thread why2jjj
Quick Google search comes up with:
https://falco.org/docs/event-sources/kernel/
https://medium.com/@lumontec/some-freshness-with-linux-security-modules-and-ebpf-676ac363a135
https://blog.aquasec.com/linux-security-with-tracee-and-ebpf
https://www.infoq.com/presentations/facebook-google-bpf-linux-k

[Kernel-packages] [Bug 2036281] Re: activate bpf LSM by default

2023-09-29 Thread why2jjj
Quick Google search comes up with:
https://falco.org/docs/event-sources/kernel/
https://medium.com/@lumontec/some-freshness-with-linux-security-modules-and-ebpf-676ac363a135
https://blog.aquasec.com/linux-security-with-tracee-and-ebpf
https://www.infoq.com/presentations/facebook-google-bpf-linux-k

[Kernel-packages] [Bug 2036281] Re: activate bpf LSM by default

2023-09-26 Thread Thadeu Lima de Souza Cascardo
> BPF LSM is the only major LSM that has a potential platform available for targeting generic sw security solutions and generic performance sw solutions between multiple distros.
So no specific software solution in mind? Only generic hypothetical solutions?

[Kernel-packages] [Bug 2036281] Re: activate bpf LSM by default

2023-09-20 Thread why2jjj
> Adding BPF LSM by default will cause memory and CPU impact to all users
Is there a paper study out there that shows the memory and CPU impact for all users when turning on BPF LSM to active? That would be interesting considering that RHEL solutions have the BPF LSM active by default so I assume

[Kernel-packages] [Bug 2036281] Re: activate bpf LSM by default

2023-09-19 Thread Thadeu Lima de Souza Cascardo
Adding BPF LSM by default will cause memory and CPU impact to all users. Right now, it is possible to add this by changing the kernel boot command line parameters. What is the justification to change the default? Another distro enabling it does not justify it. And one unknown software using it doe

[Kernel-packages] [Bug 2036281] Re: activate bpf LSM by default

2023-09-19 Thread Dimitri John Ledkov
> That is at least one less uncomfortable conversation a sw company has with a potential customer why their server needs to be rebooted for the company’s SW solution to use a Linux driver.
What software is it? From which company? Is it proprietary or open source? Can we try and see if it works on

[Kernel-packages] [Bug 2036281] Re: activate bpf LSM by default

2023-09-15 Thread why2jjj
apport information
** Changed in: linux (Ubuntu)
   Status: Incomplete => Confirmed
** Tags added: apport-collected jammy uec-images
** Description changed:
in Fedora/RHEL if I want to see if the bpf LSM is active/available in the kernel I can go here: [root@virtualrocky]# cat /sys