Re: Disabling unprivileged BPF by default in our kernels
From: Remco van 't Veer
Subject: Re: Disabling unprivileged BPF by default in our kernels
Date: Thu, 02 Feb 2023 18:13:45 +0100
User-agent: mu4e 1.8.13; emacs 28.2

2023/02/01 20:43, Tobias Geerinckx-Rice:
>> What does Debian's kconfig list for CONFIG_BPF_UNPRIV_DEFAULT_OFF?
>
> I've always had this option set to Y in my own kernels, and it has
> never so much as inconvenienced me. However, I'm not a BPF power
> user.
>
> Does anyone know any serious and concrete drawbacks to setting this
> option in all Guix kernels, to increase default security & better
> align with other major distros?
There is a linux-libre-bpf package so I'd expect BPF power users to use
that. So I guess adding it to the default-extra-linux-options should be
fine.
R.