Re: Disabling unprivileged BPF by default in our kernels

help-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Disabling unprivileged BPF by default in our kernels

From:	Remco van 't Veer
Subject:	Re: Disabling unprivileged BPF by default in our kernels
Date:	Thu, 02 Feb 2023 18:13:45 +0100
User-agent:	mu4e 1.8.13; emacs 28.2

2023/02/01 20:43, Tobias Geerinckx-Rice:

>> What does Debian's kconfig list for CONFIG_BPF_UNPRIV_DEFAULT_OFF?
>
> I've always had this option set to Y in my own kernels, and it has
> never so much as inconvenienced me.  However, I'm not a BPF power
> user.
>
> Does anyone know any serious and concrete drawbacks to setting this
> option in all Guix kernels, to increase default security & better
> align with other major distros?

There is a linux-libre-bpf package so I'd expect BPF power users to use
that.  So I guess adding it to the default-extra-linux-options should be
fine.

R.

[Prev in Thread]

Current Thread

[Next in Thread]

Intel i7-1165G7 vulnerable to Spectre v2, Christian Gelinek, 2023/02/01
- Re: Intel i7-1165G7 vulnerable to Spectre v2, Felix Lechner, 2023/02/01
  - Re: Intel i7-1165G7 vulnerable to Spectre v2, Christian Gelinek, 2023/02/03
- Re: Intel i7-1165G7 vulnerable to Spectre v2, Tobias Geerinckx-Rice, 2023/02/01
  - Re: Intel i7-1165G7 vulnerable to Spectre v2, Ekaitz Zarraga, 2023/02/01
    - Disabling unprivileged BPF by default in our kernels, Tobias Geerinckx-Rice, 2023/02/01
    - Re: Disabling unprivileged BPF by default in our kernels, Leo Famulari, 2023/02/02
    - Re: Disabling unprivileged BPF by default in our kernels, Remco van 't Veer <=
    - Re: Disabling unprivileged BPF by default in our kernels, Tobias Geerinckx-Rice, 2023/02/02
  - Re: Intel i7-1165G7 vulnerable to Spectre v2, Christian Gelinek, 2023/02/03

Prev by Date: Missing QT platform plugin for Wayland, GRUB menu-entry, and service/package definitions
Next by Date: Re: Disabling unprivileged BPF by default in our kernels
Previous by thread: Re: Disabling unprivileged BPF by default in our kernels
Next by thread: Re: Disabling unprivileged BPF by default in our kernels
Index(es):
- Date
- Thread