FS#73566 - [systemd] enable bpf-framework option

Attached to Project: Arch Linux
Opened by Matthias Lisin (matthias.lisin) - Sunday, 30 January 2022, 18:25 GMT
Last edited by Christian Hesse (eworm) - Thursday, 22 December 2022, 21:13 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Christian Hesse (eworm)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 5
Private No

Details

Description:
Some systemd directives like RestrictNetworkInterfaces are not available when compiled without option bpf-framework.

Requires new make dependencies: bpf libbpf clang llvm

See: https://github.com/systemd/systemd/blob/v250/meson.build#L1016

Closed by Christian Hesse (eworm)
Thursday, 22 December 2022, 21:13 GMT
Reason for closing: Implemented
Additional comments about closing: systemd 252.2-4
Comment by Christian Hesse (eworm) - Wednesday, 09 February 2022, 16:40 GMT
Ok, we can add it as make dependency, but that's just half of the game.
Does all this (or libbpf?) become a hard dependency then? Or can we list it as optional dependency?
Comment by Christian Hesse (eworm) - Wednesday, 09 February 2022, 17:10 GMT
Or is nothing required at runtime? I do not think so.
At least I could not find anything linking against libbpf...
Comment by Matthias Lisin (matthias.lisin) - Saturday, 12 February 2022, 23:04 GMT
Sorry for the late reply.

libbpf is an optional dependency (dlopen in libsystemd-shared-250.so, like libfido2 or qrencode)
Comment by Maxim Sheviakov (mradermaxlol) - Monday, 30 May 2022, 18:01 GMT
Are there any plans on building systemd with bpf? Service-level network interface restriction is a really nice feature.
Comment by Christian Hesse (eworm) - Thursday, 08 December 2022, 09:37 GMT
I am not against this, but have not worked through all the details.
Besides libbpf this requires dependencies at runtime (clang? llvm?) that should be listed in `optdepends`, no?
Comment by AK (Andreaskem) - Thursday, 08 December 2022, 10:52 GMT
From the systemd 252 NEWS file:

Experimental features:
* BPF programs can now be compiled with bpf-gcc (requires libbpf >= 1.0
and bpftool >= 7.0).

Would bpf-gcc be an alternative? Although Arch's GCC package does not seem to enable BPF support at all, currently.
Comment by Christian Hesse (eworm) - Thursday, 08 December 2022, 13:39 GMT
Note to self... How to test this:

systemd-run -t -p RestrictNetworkInterfaces="lo" ping archlinux.org

This should fail if bpf is functional.
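
As an added example (not part of the thread and not Arch's or systemd's own code), a shell check that complements the manual test above: it reads the compile-time feature list printed by `systemctl --version`, where `+BPF_FRAMEWORK` or `-BPF_FRAMEWORK` shows whether the option was enabled, and lists the unit files that set RestrictNetworkInterfaces=. The function names, the sample version strings and the default unit directory are assumptions made for the example.

```shell
#!/bin/sh
# Added example: does this systemd build support RestrictNetworkInterfaces=,
# and which unit files depend on it? Function names are hypothetical.

# Constructed samples of `systemctl --version` output (feature list shortened).
SAMPLE_ON='systemd 252 (constructed)
+PAM +AUDIT -SELINUX +SECCOMP +BPF_FRAMEWORK +XKBCOMMON default-hierarchy=unified'
SAMPLE_OFF='systemd 250 (constructed)
+PAM +AUDIT -SELINUX +SECCOMP -BPF_FRAMEWORK +XKBCOMMON default-hierarchy=unified'

# bpf_framework_state VERSION_TEXT -> prints enabled | disabled | unknown
bpf_framework_state() {
    case " $(printf '%s' "$1" | tr '\n\t' '  ') " in
        *" +BPF_FRAMEWORK "*) echo enabled ;;
        *" -BPF_FRAMEWORK "*) echo disabled ;;
        *) echo unknown ;;   # flag not present in the output
    esac
}

# units_with_restriction DIR -> prints unit files and drop-ins setting the directive
units_with_restriction() {
    find "$1" -type f \( -name '*.service' -o -name '*.conf' \) \
        -exec grep -lE '^[[:space:]]*RestrictNetworkInterfaces=' {} + 2>/dev/null | sort
}

# audit VERSION_TEXT DIR -> returns 1 when units request the restriction but the
# build does not report +BPF_FRAMEWORK, and prints the affected files.
audit() {
    state=$(bpf_framework_state "$1")
    units=$(units_with_restriction "$2")
    if [ -n "$units" ] && [ "$state" != enabled ]; then
        printf 'BPF_FRAMEWORK is %s; directive unavailable for:\n%s\n' "$state" "$units"
        return 1
    fi
    return 0
}

# Live use: sh check.sh --live [UNIT_DIR]
if [ "${1:-}" = "--live" ]; then
    audit "$(systemctl --version)" "${2:-/etc/systemd/system}"
fi
```

A non-zero exit from `audit` means a unit expects interface restriction that the installed build does not report as compiled in, which is the case this task was opened to fix.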
Comment by Christian Hesse (eworm) - Thursday, 08 December 2022, 13:40 GMT
Please test systemd 252.2-4...
Comment by Felix Yan (felixonmars) - Thursday, 22 December 2022, 19:25 GMT
It works flawlessly here. Thanks!
