Hello kernel team, the systemd packages will soon need the kernel headers package to ship a generated vmlinux.h to build BPF programs (using BTF). This is already implemented in Debian, Centos, Fedora and Arch.
Looks like all I should have to do is change one line of code, rebuild the existing kernel that I’m running, and everything should work…unfortunately I am new to this, so something is not working.
I am going by these instructions here (Kernel/BuildYourOwnKernel - Ubuntu Wiki), and I am currently running the OEM kernel 6.5.0-1019
I am running this kernel on Jammy because I also have an Intel Wifi7 adapter that requires this (I think…it doesn’t work on older kernels)
Anyway, I follow the build instructions for “quicker build” and it fails after 25 minutes or so, the error is
I am a total newb with Ubuntu so I would ask maybe is there an easier way to change that thunderbolt driver code without having to recompile? If not, any clues as to why the build is failing?
edit:
Okay I’m dumb. I needed to build binary-oem, not binary-generic. Lol. Works now.
Using Ubuntu Server 24.04 LTS for Raspberry Pi, I noticed it has not been built with BTF support. Was this intentional? Can it be compiled with BTF in the future. We need it to load BPF programs for XDP sockets.
Trying to install proposed kernel on Ubuntu Oracular from PPA Kernels as in Proposed : “Canonical Kernel Team” team I see:
Err:4 Index of /canonical-kernel-team/proposed/ubuntu oracular InRelease
The following signatures were invalid: 110E21D8B0E2A1F0243AF6820856F197B892ACEA (untrusted public key algorithm: rsa1024) The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 9B5F34077FA4288A
Hit:5 Index of /ubuntu oracular-backports InRelease
Warning: GPG error: Index of /canonical-kernel-team/proposed/ubuntu oracular InRelease: The following signatures were invalid: 110E21D8B0E2A1F0243AF6820856F197B892ACEA (untrusted public key algorithm: rsa1024) The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 9B5F34077FA4288A
Error: The repository ‘Index of /canonical-kernel-team/proposed/ubuntu oracular InRelease’ is not signed.
Notice: Updating from such a repository can’t be done securely, and is therefore disabled by default.
Notice: See apt-secure(8) manpage for repository creation and user configuration details.
I did read it, but I’m confused. If they’re already upstreamed, why the partial confinement? Is it that the app armor patches in upstream kernels are outdated or something?
And I’m not trying to going there. I just wanted to understand (I like Snaps and even went out of my way to enable it on my Tuxedo OS gaming PC and on my laptop with Pop!_OS).
@YamiYukiSenpai this isn’t the proper forum to discuss the whys and wheres of snaps or apparmor in general as both are developed outside of the kernel team, and definitely not the forum to discuss the rationale behind decisions made by other distributions. @jjohansen would be the best to answer your apparmor questions but he is not a member of the kernel team.
The partial confinement for snaps largely comes from the extended af_unix mediation missing in upstream apparmor, this also which includes the labeling necessary for the dbus interface. Parts of this have been upstreamed but it is not yet complete, the final parts should land in 6.12.
The 6.12 version will be a bit different than what has been carried in Ubuntu so far (24.10 should have the new version) as there was regression against upstream discovered, forcing an abi change causing this to miss 6.11.
A new version of the apparmor userspace will be required to support the abi change. However with snapd now vendoring apparmor, once it pulls in an update it will be able to support the upsteam version.