Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
config: enable CONFIG_BPF_SYSCALL and CONFIG_CGROUP_BPF #2454
CGROUP_BPF is needed by systemd firewalling. Enabling the option removes the systemd warning ("Proceeding WITHOUT firewalling in effect!") during boot. Signed-off-by: Matthias Reichl <firstname.lastname@example.org>
That systemd issue is where I got the CGROUP_BPF hint from (we tried BPF_SYSCALL=y without success before - as another user in the issue thread).
I'm not sure if we want or need the systemd firewall, but as systemd wants the firewall - IPAddressDeny is in 6 service files - IMHO it's better to make it happy and just enable the option.
BTW: We'll still get the warning on Amlogic devices as their kernel is too old and doesn't support BPF_SYSCALL