Dom0 and eBPF (Berkeley Packet Filter) LSM (Linux Security Modules)

Does dom0 kernel contain BPF? Are there any LSMs available to harden the dom0 kernel?

Check:

root@dom0:~ #  journalctl -b -o short-monotonic | grep -i bpf

also

root@dom0:~ #  zgrep -i bpf /proc/config.gz

root@dom0:~ # journalctl -b -o short-monotonic | grep -i bpf

dom0 audit: BPF prog-id=7 op=LOAD
dom0 audit: BPF prog-id=7 op=UNLOAD

There are about 40 entries of program IDs (prog-id) but I don’t know which programs they are.

zgrep -i bpf /proc/config.gz

CONFIG_BPF=y
CONFIG_HAVE_EBPF_JIT=y

BPF subsystem

CONFIG_BPF_SYSCALL=y

There are a bunch of remaining globals with values of “y” or “m” but I don’t know what they all mean.

/proc/config.gz contains the configuration of the currently running kernel.

‘m’ means module.
‘y’ means statically built.
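
Added example, not part of the thread: a small shell helper that reads kernel config text in the `/proc/config.gz` format discussed above and reports the BPF- and LSM-related options, including whether the BPF LSM is compiled in and listed in the default LSM order. The function names and the sample config are constructed for illustration; the `CONFIG_*` names are upstream Kconfig symbols.

```shell
#!/bin/sh
# Added example, not from the thread. Option names are upstream Kconfig symbols.

# config_state OPTION CONFIG_TEXT -> built-in | module | unset | literal value
config_state() {
    val=$(printf '%s\n' "$2" | sed -n "s/^$1=//p" | head -n 1)
    case "$val" in
        y)  echo built-in ;;
        m)  echo module ;;
        '') echo unset ;;      # absent, or "# CONFIG_X is not set"
        *)  echo "$val" ;;     # string options such as CONFIG_LSM
    esac
}

# bpf_lsm_default_on CONFIG_TEXT -> exit 0 only if the BPF LSM is compiled in
# AND "bpf" appears in the default LSM list (CONFIG_LSM).
bpf_lsm_default_on() {
    [ "$(config_state CONFIG_BPF_LSM "$1")" = built-in ] || return 1
    case ",$(config_state CONFIG_LSM "$1" | tr -d '"')," in
        *,bpf,*) return 0 ;;
        *)       return 1 ;;
    esac
}

# bpf_report CONFIG_TEXT -> one line per BPF/LSM-related option
bpf_report() {
    for opt in CONFIG_BPF CONFIG_BPF_SYSCALL CONFIG_BPF_JIT \
               CONFIG_BPF_JIT_ALWAYS_ON CONFIG_BPF_UNPRIV_DEFAULT_OFF \
               CONFIG_BPF_LSM CONFIG_LSM; do
        printf '%-30s %s\n' "$opt" "$(config_state "$opt" "$1")"
    done
}

# Constructed sample config (not taken from a real dom0).
sample='CONFIG_BPF=y
CONFIG_HAVE_EBPF_JIT=y
CONFIG_BPF_SYSCALL=y
CONFIG_BPF_JIT=y
# CONFIG_BPF_JIT_ALWAYS_ON is not set
CONFIG_BPF_UNPRIV_DEFAULT_OFF=y
CONFIG_BPF_LSM=y
CONFIG_LSM="lockdown,yama,integrity,selinux"'

bpf_report "$sample"
if bpf_lsm_default_on "$sample"; then echo "BPF LSM: on by default"
else echo "BPF LSM: not in the default LSM list"; fi
```

On a live system the same report comes from `bpf_report "$(zcat /proc/config.gz)"`. `CONFIG_LSM` is only the build-time default: the `lsm=` boot parameter can override it, and `/sys/kernel/security/lsm` lists the LSMs that are actually active.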