Raspi2-3_GenImage Commit - r351:c1f79aebdb86 · Collaboration Tremplin des Sciences

.,.

Unknown -

r351:c1f79aebdb86

parent child

Context file:

r351:c1f79aebdb86

README.md +3 -3

             The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
             ##### `KERNEL_NF`=false
-            Enable Netfilter modules as kernel modules (systemd compilations about it (File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls)
+            Enable Netfilter modules as kernel modules
             ##### `KERNEL_VIRT`=false
             Enable Kernel KVM support (/dev/kvm)
             ##### `KERNEL_ZSWAP`=false
             Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
+            ##### `KERNEL_BPF`=true
+            Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
             ---

bootstrap.d/13-kernel.sh +9 -2

                   set_kernel_config VHOST_NET m
                   set_kernel_config VHOST_CROSS_ENDIAN_LEGACY y
             	fi
-            	if [ "$KERNEL_NF" = true ] && ( [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ) ; then
             	#See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
                 # Netfilter kernel support
+            	if [ "$KERNEL_NF" = true ] && ( [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ) ; then
             	  # xtables
                   set_kernel_config NETFILTER_XTABLES m
             	  # Netfilter nf_tables support
                   set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
                 fi
+            	#https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
+            	#https://github.com/torvalds/linux/blob/master/init/Kconfig#L848
+            	# Enables BPF syscall for systemd-journald
+            	if [ "$KERNEL_BPF" = true ] && ( [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ) ; then
+            	  set_kernel_config CONFIG_BPF_SYSCALL y
+            	  set_kernel_config CONFIG_CGROUP_BPF y
+            	fi
             	popd
                 if [ "$KERNELSRC_CONFIG" = true ] ; then

rpi23-gen-image.sh +3 -2

             KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
             KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
             KERNEL_CCACHE=${KERNEL_CCACHE:=false}
-            KERNEL_ZSWAP=${KERNEL_ZSWAP:=true}
+            KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
-            KERNEL_VIRT=${KERNEL_VIRT:=true}
+            KERNEL_VIRT=${KERNEL_VIRT:=false}
+            KERNEL_BPF${KERNEL_BPF:=true}
             # Kernel compilation from source directory settings
             KERNELSRC_DIR=${KERNELSRC_DIR:=""}

General Comments 0

Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant

No TODOs yet

	Dépôts
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages