Does dom0 kernel contain BPF? Are there any LSMs available to harden the dom0
kernel?
Check:
root@dom0:~ # journalctl -b -o short-monotonic | grep -i bpf
Also:
root@dom0:~ # zgrep -i bpf /proc/config.gz
root@dom0:~ # journalctl -b -o short-monotonic | grep -i bpf
dom0 audit: BPF prog-id=7 op=LOAD
dom0 audit: BPF prog-id=7 op=UNLOAD
There are about 40 entries of program IDs (prog-id), but I don’t know which programs
they are.
zgrep -i bpf /proc/config.gz
CONFIG_BPF=y
CONFIG_HAVE_EBPF_JIT=y
CONFIG_BPF_SYSCALL=y
There are a bunch of remaining globals with values of “y” or “m”, but I don’t know what
they all mean.
/proc/config.gz contains the configuration of the currently running kernel.
‘m’ means module.
‘y’ means statically built.
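
An added example, not from the thread: a POSIX shell helper that classifies BPF and LSM options from a kernel config as described above (`y` built in, `m` module) and also separates `# ... is not set` from symbols the kernel does not know at all. The embedded config is constructed sample data, and the function names and the list of symbols checked are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample config, not the poster's dom0. On a live system run:
#   zcat /proc/config.gz | kconfig_report
sample_config() {
cat <<'EOF'
CONFIG_BPF=y
CONFIG_HAVE_EBPF_JIT=y
CONFIG_BPF_SYSCALL=y
CONFIG_BPF_JIT=y
# CONFIG_BPF_JIT_ALWAYS_ON is not set
CONFIG_BPF_UNPRIV_DEFAULT_OFF=y
# CONFIG_BPF_LSM is not set
CONFIG_SECURITY_SELINUX=y
# CONFIG_SECURITY_APPARMOR is not set
CONFIG_SECURITY_YAMA=y
CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_LSM="lockdown,yama,selinux"
CONFIG_NET_CLS_BPF=m
EOF
}

# kconfig_state NAME: config on stdin; prints builtin, module, unset
# ("is not set"), absent (symbol unknown to this kernel), or a string value.
kconfig_state() {
    awk -v sym="CONFIG_$1" '
        $0 == ("# " sym " is not set") { print "unset"; found = 1; exit }
        index($0, sym "=") == 1 {
            val = substr($0, length(sym) + 2)
            if (val == "y") print "builtin"
            else if (val == "m") print "module"
            else { gsub(/^"|"$/, "", val); print val }
            found = 1; exit
        }
        END { if (!found) print "absent" }'
}

# kconfig_report: state of the BPF and LSM options (hypothetical selection).
# Built-in LSMs are only active if listed in /sys/kernel/security/lsm.
kconfig_report() {
    cfg=$(cat)
    for s in BPF_SYSCALL BPF_JIT BPF_JIT_ALWAYS_ON BPF_UNPRIV_DEFAULT_OFF \
             BPF_LSM SECURITY_SELINUX SECURITY_APPARMOR SECURITY_YAMA \
             SECURITY_LOCKDOWN_LSM SECURITY_LANDLOCK LSM; do
        printf '%-32s %s\n' "CONFIG_$s" \
            "$(printf '%s\n' "$cfg" | kconfig_state "$s")"
    done
}

sample_config | kconfig_report
```

The config only shows what was compiled in: `cat /sys/kernel/security/lsm` lists the LSMs active on the running kernel, and `sysctl kernel.unprivileged_bpf_disabled` shows the runtime setting for unprivileged BPF.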