From dd89e700b0c071b20185eb25ab22ec3939bedb27 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Tue, 31 Dec 2024 11:25:38 -0600
Subject: [PATCH] kernel: Enable BPF firewall for systemd

_systemd_ complains if this is not enabled, as it prevents certain
sandbox features from working.
---
 linux.config | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/linux.config b/linux.config
index e61d910..eecd382 100644
--- a/linux.config
+++ b/linux.config
@@ -112,9 +112,11 @@ CONFIG_SECURITY_SELINUX=y
 CONFIG_DEFAULT_SECURITY_SELINUX=y
 # DEFAULT_SECURITY_DAC is not set
 
+CONFIG_BPF_SYSCALL=y
 CONFIG_POSIX_MQUEUE=y
 CONFIG_MEMCG=y
 CONFIG_CGROUP_PIDS=y
+CONFIG_CGROUP_BPF=y
 CONFIG_BLK_CGROUP=y
 
 CONFIG_I2C_HID_OF_GOODIX=m