systemd: add PACKAGECONFIG for bpf-framework

The bpf-framework is used to pre-compile eBPFs that required for the systemd.resource-control features RestrictFileSystems=[1] and RestrictNetworkInterfaces=[2] to work. Apart from 'clang-native' to compile the eBPFs, the required kernel switches are described in [3]. Link: https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#RestrictFileSystems= Link: https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#RestrictNetworkInterfaces= Link: https://kinvolk.io/blog/2021/04/extending-systemd-security-features-with-ebpf/ (From OE-Core rev: 6f90320bf3028a67d1fd444dfaa62f3888066ea4) Signed-off-by: Johannes Schneider <johannes.schneider@leica-geosystems.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-04-20 09:32:13 +02:00 · 2024-06-20 13:51:25 +02:00
parent 23dacdb593
commit 182e599dbc
1 changed files with 1 additions and 0 deletions
--- a/meta/recipes-core/systemd/systemd_255.6.bb
+++ b/meta/recipes-core/systemd/systemd_255.6.bb
@@ -132,6 +132,7 @@ PACKAGECONFIG[acl] = "-Dacl=true,-Dacl=false,acl"
 PACKAGECONFIG[audit] = "-Daudit=true,-Daudit=false,audit"
 PACKAGECONFIG[backlight] = "-Dbacklight=true,-Dbacklight=false"
 PACKAGECONFIG[binfmt] = "-Dbinfmt=true,-Dbinfmt=false"
+PACKAGECONFIG[bpf-framework] = "-Dbpf-framework=true,-Dbpf-framework=false,clang-native bpftool-native libbpf,libbpf"
 PACKAGECONFIG[bzip2] = "-Dbzip2=true,-Dbzip2=false,bzip2"
 PACKAGECONFIG[cgroupv2] = "-Ddefault-hierarchy=unified,-Ddefault-hierarchy=hybrid"
 PACKAGECONFIG[coredump] = "-Dcoredump=true,-Dcoredump=false"