From unknown Fri Jun 20 19:47:23 2025
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
Content-Type: text/plain; charset=utf-8
From: bug#61216 <61216@debbugs.gnu.org>
To: bug#61216 <61216@debbugs.gnu.org>
Subject: Status: Disabling unprivileged BPF by default in our kernels
Reply-To: bug#61216 <61216@debbugs.gnu.org>
Date: Sat, 21 Jun 2025 02:47:23 +0000

retitle 61216 Disabling unprivileged BPF by default in our kernels
reassign 61216 guix
submitter 61216 Tobias Geerinckx-Rice <me@tobias.gr>
severity 61216 normal

thanks


From debbugs-submit-bounces@debbugs.gnu.org Wed Feb 01 14:45:25 2023
Received: (at submit) by debbugs.gnu.org; 1 Feb 2023 19:45:25 +0000
Received: from localhost ([127.0.0.1]:59914 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1pNJ2r-0000KZ-15
	for submit@debbugs.gnu.org; Wed, 01 Feb 2023 14:45:25 -0500
Received: from lists.gnu.org ([209.51.188.17]:57856)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <me@tobias.gr>) id 1pNJ2o-0000KQ-MZ
 for submit@debbugs.gnu.org; Wed, 01 Feb 2023 14:45:23 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <me@tobias.gr>)
 id 1pNJ2o-0005IJ-5S; Wed, 01 Feb 2023 14:45:22 -0500
Received: from tobias.gr ([2a02:c205:2020:6054::1])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <me@tobias.gr>)
 id 1pNJ2l-0003iR-Vb; Wed, 01 Feb 2023 14:45:21 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=KjLfyxU9jmOub
 aSUr1FN9kQ9e/pObeZ6WaChlPsJnAE=;
 h=in-reply-to:date:subject:cc:to:
 from:references; d=tobias.gr; b=hWBEvwgrkcVycK/yyfurGqNq96NyDN1qgNqTT4
 UknjjAd16x3YfO0QlUeOuwZFXzuL9WKf6EUHml5DtK/PAOqCIWo3OIDNchiOfxESSKq1V2
 Zoz4xwVjHcNlV6PpuALlgKRFIVJn2DBwFBhVkHUOYbmpJmy3WaT+7p+KnPcPU5DExSj4pM
 /bweM66XLjK0tUxe+/4P6A0bX8a1QaYEdDnvdz/xzNpClngJIKxwb9t3Of7IsxnqA/Tng9
 KkTJWo3cJ8p9GO5mnWI2/bm1CsTLI/Z26Jffdvre+NRJ/9m/ufr9YQxMeDAljLNLB5zSCu
 sFKtdOwSo1ypLUWOO158oH9w==
Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 97b74978
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); 
 Wed, 1 Feb 2023 19:45:14 +0000 (UTC)
References: <e7000800-bd5d-8ba4-3f45-888572fd11d8@mailbox.org>
 <87fsbpnzil.fsf@nckx>
 <JtkGgqe5eiY4y2zwckKFjN8l1eqkn767MmrzEjujJY9qRXcD2kzGcM3W6dOEbmfPogRk1UK8xZ7ClOkIF530FUBppML-aRZ1bZZLfMq7g9Q=@elenq.tech>
From: Tobias Geerinckx-Rice <me@tobias.gr>
To: Ekaitz Zarraga <ekaitz@elenq.tech>
Subject: Disabling unprivileged BPF by default in our kernels
Date: Wed, 01 Feb 2023 20:43:42 +0100
In-reply-to: <JtkGgqe5eiY4y2zwckKFjN8l1eqkn767MmrzEjujJY9qRXcD2kzGcM3W6dOEbmfPogRk1UK8xZ7ClOkIF530FUBppML-aRZ1bZZLfMq7g9Q=@elenq.tech>
BIMI-Selector: v=BIMI1; s=default;
Message-ID: <87bkmdnp69.fsf@nckx>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
Received-SPF: pass client-ip=2a02:c205:2020:6054::1; envelope-from=me@tobias.gr;
 helo=tobias.gr
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.6 (-)
X-Debbugs-Envelope-To: submit
Cc: help-guix@gnu.org, Christian Gelinek <christian.gelinek@mailbox.org>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.6 (--)

--=-=-=
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable

Ekaitz Zarraga =E5=86=99=E9=81=93=EF=BC=9A
> What does Debian's kconfig list for=20
> CONFIG_BPF_UNPRIV_DEFAULT_OFF?

I've always had this option set to Y in my own kernels, and it has=20
never so much as inconvenienced me.  However, I'm not a BPF power=20
user.

Does anyone know any serious and concrete drawbacks to setting=20
this option in all Guix kernels, to increase default security &=20
better align with other major distros?

Kind regards,

T G-R

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iIMEARYKACsWIQT12iAyS4c9C3o4dnINsP+IT1VteQUCY9rBzw0cbWVAdG9iaWFz
LmdyAAoJEA2w/4hPVW15BeIBAKPpvY+lOPqMpDrvGUtvcq+PB4hCIJUiibDwSO5U
t8DNAQDulhBEeK8GfXYKhQOgN6d8+2nimmqsbFiXX5bHrUccBw==
=AqCV
-----END PGP SIGNATURE-----
--=-=-=--




From debbugs-submit-bounces@debbugs.gnu.org Sat Feb 25 19:09:24 2023
Received: (at control) by debbugs.gnu.org; 26 Feb 2023 00:09:24 +0000
Received: from localhost ([127.0.0.1]:41838 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1pW4bU-0003xu-0P
	for submit@debbugs.gnu.org; Sat, 25 Feb 2023 19:09:24 -0500
Received: from tobias.gr ([80.241.217.52]:36492)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <me@tobias.gr>) id 1pW4bR-0003xj-Q1
 for control@debbugs.gnu.org; Sat, 25 Feb 2023 19:09:22 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=nBGDpRhIpl+Ao
 jEShsWzA25jRymMHTM1PHE/EQhycJ4=; h=to:from:date; d=tobias.gr;
 b=breJcg
 ntF3qlU1Y07ruTL2E1ewobMP5jsDCg5qpsidCB5F59sP8iSzedqJot/mhfjOEkCxHAMrJt
 qXcoaoSJffeiYVkYxk6UjjRNyvjuTlWhFve22PNKjZ98TJNnz5/WutdcOSPM4q/jxGEebo
 u4eJU3XRH13Y9HdpUnPIfI3FWO9ptTs2oqtOGsyAZhI9zdiP4k4TIzurCqZRmPwiXpacwz
 j7IyVNs+y27uhyTh19KrH9eo3b+fZcyom48kh6LDPLOmTali4uFzTa8TJTBfmp4foc4ovc
 iCxtbgpd2Y+eyiBKTYZSphflFeyqIK8rStHQFlnd1l6eC2Jkez3A/8lQ==
Received: by submission.tobias.gr (OpenSMTPD) with ESMTP id 7e5949d8
 for <control@debbugs.gnu.org>; Sun, 26 Feb 2023 00:09:17 +0000 (UTC)
MIME-Version: 1.0
Date: Sun, 26 Feb 2023 01:09:17 +0100
From: Tobias Geerinckx-Rice <me@tobias.gr>
To: control@debbugs.gnu.org
Message-ID: <b1fdaaa003c7468d6644c9f4d42402cd@tobias.gr>
Content-Type: text/plain; charset=US-ASCII;
 format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Score: 2.0 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  reassign 61216 guix close 61216 
 Content analysis details:   (2.0 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 SPF_PASS               SPF: sender matches SPF record
 1.8 MISSING_SUBJECT        Missing Subject: header
 0.2 NO_SUBJECT             Extra score for no subject
X-Debbugs-Envelope-To: control
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 1.0 (+)

reassign 61216 guix
close 61216




From unknown Fri Jun 20 19:47:23 2025
Received: (at fakecontrol) by fakecontrolmessage;
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request <help-debbugs@gnu.org>
Subject: Internal Control
Message-Id: bug archived.
Date: Sun, 26 Mar 2023 11:24:05 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator