From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 3FECB1396D9 for ; Sat, 28 Oct 2017 18:21:44 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 3BE242BC118; Sat, 28 Oct 2017 18:21:39 +0000 (UTC) Received: from mail-ua0-x243.google.com (mail-ua0-x243.google.com [IPv6:2607:f8b0:400c:c08::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id D26982BC10F for ; Sat, 28 Oct 2017 18:21:38 +0000 (UTC) Received: by mail-ua0-x243.google.com with SMTP id f46so6991538uae.1 for ; Sat, 28 Oct 2017 11:21:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=qYWkVjep3a9Tyni5ZY0uFrjfrf7EIkEXRDpdx6PV/yI=; b=ZyErb77L4VoX2ZQBstwxMA/ejnLtUWT9vbYyz7gVzAsr7oUfIiMvhgsoOTNb6jHeA6 gCcgtUDo47C8qNBWcQ2dvkDyyXQ7+KrfYGcpO/Tr6BVnrFdJ609yWoRM+2CS9jbqOXtS Qa4y0vgOwT/85I30bwt1e2KTQynSVyap8AJreLlxyZZbJDo+ZTmJ4cRM1lxdiefzCRjf rssfctlGVGZJRrVucNunTn5Prdf0p0057vJAX7wvKHOWP9FYRFgZ/yQfppQXJil7d4Uj dXhqoZlEhp3rKScFFkO5LlvqhOvzl7X1snEAyHEjNIhSi/ofnFSOX90Sar/ZrWUh5iK0 SabQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=qYWkVjep3a9Tyni5ZY0uFrjfrf7EIkEXRDpdx6PV/yI=; b=gwVYJekzSJmuoDvBhh/Rf0/WrnTyl/IdUGGgb8cmTOnVHrwB1i+pN3hr1P1B151KyE t55SEg9vVJGNsCyt5HQ0F1xRPnwVC2UmKXd3f9dyKg3JB60Iq2IPz/x7OFxE2ngDRSBy dL1ztj842NcL97zZfHQMXKLo3eQNgaF93nTKJ9FPedAYAFxy0m3+Ta1d8empZQnDBjNv oeICto1bjUQUkm6RymFBu1QX3YLFMfL95SIBVvXq7qwI2Y4hXDcFpY+TcCG/tRKkL5ap s4I1F6N/BnP61NfT3VDsWDfOh+o0t0M4FNi0e83uCgtY/9xDy3ou7Vi89FSNHS7lt/wM GqGA== X-Gm-Message-State: AMCzsaUwkWvtraCDrd6JQ2ny9+xUuiDSC4bLbgHkYJ2+k46NExKiBv06 RJMrfMJl2JsKTBFCoTP5HTPun4rb2txERalBrk7fpA== X-Google-Smtp-Source: ABhQp+TXeVDtHqpLNXyorsLp8gK8D3InDmEU5+0dJs6vY64DN7i7owk/qUjsjnbY5XSEvOvLhDkFMejkkJFEmR0U8LA= X-Received: by 10.159.54.201 with SMTP id p67mr3708949uap.200.1509214897562; Sat, 28 Oct 2017 11:21:37 -0700 (PDT) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Received: by 10.103.122.5 with HTTP; Sat, 28 Oct 2017 11:21:17 -0700 (PDT) In-Reply-To: References: From: =?UTF-8?B?Q2FuZWsgUGVsw6FleiBWYWxkw6lz?= Date: Sat, 28 Oct 2017 13:21:17 -0500 Message-ID: Subject: Re: [gentoo-user] systemd: "local system does not support BPF/cgroup based firewalling" To: gentoo-user@lists.gentoo.org Content-Type: multipart/alternative; boundary="94eb2c0485a8dbe797055c9f7982" X-Archives-Salt: e010f323-8e54-4817-94d1-5f71b7e168fe X-Archives-Hash: 61b2d90100f9c5452d63a6b7df73b44a --94eb2c0485a8dbe797055c9f7982 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Do you have CONFIG_CGROUP_BPF enabled? Regards. On Sat, Oct 28, 2017 at 1:03 PM, Nikos Chantziaras wrote= : > I'm getting these at startup: > > systemd[1]: File /lib/systemd/system/systemd-journald.service:33 > configures an IP firewall (IPAddressDeny=3Dany), but the local system doe= s > not support BPF/cgroup based firewalling. > systemd[1]: Proceeding WITHOUT firewalling in effect! > systemd[1]: File /lib/systemd/system/systemd-udevd.service:32 configures > an IP firewall (IPAddressDeny=3Dany), but the local system does not suppo= rt > BPF/cgroup based firewalling. > systemd[1]: Proceeding WITHOUT firewalling in effect! > systemd[1]: File /lib/systemd/system/systemd-logind.service:34 configures > an IP firewall (IPAddressDeny=3Dany), but the local system does not suppo= rt > BPF/cgroup based firewalling. > systemd[1]: Proceeding WITHOUT firewalling in effect! > > What do I need to make this work? I found this: > > https://github.com/systemd/systemd/issues/7188 > > But CONFIG_BPF_SYSCALL is enabled and I still get that message. > > This is on kernel 4.9.59 with systemd 235. > > > --=20 Dr. Canek Pel=C3=A1ez Vald=C3=A9s Profesor de Carrera Asociado C Departamento de Matem=C3=A1ticas Facultad de Ciencias Universidad Nacional Aut=C3=B3noma de M=C3=A9xico --94eb2c0485a8dbe797055c9f7982 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Do you have CONFIG_CGROUP_BPF enabled?

= Regards.

On Sat, Oct 28, 2017 at 1:03 PM, Nikos Chantziaras <= ;realnc@gmail.com= > wrote:
I'm getting these = at startup:

systemd[1]: File /lib/systemd/system/systemd-journald.service:33 confi= gures an IP firewall (IPAddressDeny=3Dany), but the local system does not s= upport BPF/cgroup based firewalling.
systemd[1]: Proceeding WITHOUT firewalling in effect!
systemd[1]: File /lib/systemd/system/systemd-udevd.service:32 configur= es an IP firewall (IPAddressDeny=3Dany), but the local system does not supp= ort BPF/cgroup based firewalling.
systemd[1]: Proceeding WITHOUT firewalling in effect!
systemd[1]: File /lib/systemd/system/systemd-logind.service:34 configu= res an IP firewall (IPAddressDeny=3Dany), but the local system does not sup= port BPF/cgroup based firewalling.
systemd[1]: Proceeding WITHOUT firewalling in effect!

What do I need to make this work? I found this:

=C2=A0 https://github.com/systemd/systemd/issues/= 7188

But CONFIG_BPF_SYSCALL is enabled and I still get that message.

This is on kernel 4.9.59 with systemd 235.





--
Dr. Canek Pel=C3=A1= ez Vald=C3=A9s
Profesor de Carrera Asociado C
Departamento de Matem= =C3=A1ticas
Facultad de Ciencias
Universidad Nacional Aut=C3=B3noma d= e M=C3=A9xico
--94eb2c0485a8dbe797055c9f7982--