Primeiro, ative CONFIG_BPF_SYSCALL=y
┌── Enable bpf() system call ─────────────────────────────────┐
│ │
│ CONFIG_BPF_SYSCALL: │
│ │
│ Enable the bpf() system call that allows to manipulate eBPF │
│ programs and maps via file descriptors. │
│ │
│ Symbol: BPF_SYSCALL [=y] │
│ Type : bool │
│ Prompt: Enable bpf() system call │
│ Location: │
│ -> General setup │
│ Defined at init/Kconfig:1414 │
│ Selects: ANON_INODES [=y] && BPF [=y] && IRQ_WORK [=y] │
│ Selected by [n]: │
│ - AF_KCM [=n] && NET [=y] && INET [=y] │
└─────────────────────────────────────────────────────────────┘
^ que permite também ativar CONFIG_CGROUP_BPF=y :
┌── Support for eBPF programs attached to cgroups ─────────────────┐
│ │
│ CONFIG_CGROUP_BPF: │
│ │
│ Allow attaching eBPF programs to a cgroup using the bpf(2) │
│ syscall command BPF_PROG_ATTACH. │
│ │
│ In which context these programs are accessed depends on the type │
│ of attachment. For instance, programs that are attached using │
│ BPF_CGROUP_INET_INGRESS will be executed on the ingress path of │
│ inet sockets. │
│ │
│ Symbol: CGROUP_BPF [=y] │
│ Type : bool │
│ Prompt: Support for eBPF programs attached to cgroups │
│ Location: │
│ -> General setup │
│ -> Control Group support (CGROUPS [=y]) │
│ Defined at init/Kconfig:845 │
│ Depends on: CGROUPS [=y] && BPF_SYSCALL [=y] │
│ Selects: SOCK_CGROUP_DATA [=y] │
└──────────────────────────────────────────────────────────────────┘
Isso é tudo o que é necessário para que as mensagens systemd desapareçam.
Quando você seleciona o acima, isso é o que acontece em .config :
Antes:
# CONFIG_BPF_SYSCALL is not set
Depois:
CONFIG_BPF_SYSCALL=y
# CONFIG_XDP_SOCKETS is not set
# CONFIG_BPF_STREAM_PARSER is not set
CONFIG_CGROUP_BPF=y
CONFIG_BPF_EVENTS=y
Estão disponíveis mais duas opções: CONFIG_XDP_SOCKETS e CONFIG_BPF_STREAM_PARSER , mas não é necessário ativá-las. Mas se você está se perguntando sobre o que eles são:
┌── XDP sockets ────────────────────────────────────────┐
│ │
│ CONFIG_XDP_SOCKETS: │
│ │
│ XDP sockets allows a channel between XDP programs and │
│ userspace applications. │
│ │
│ Symbol: XDP_SOCKETS [=n] │
│ Type : bool │
│ Prompt: XDP sockets │
│ Location: │
│ -> Networking support (NET [=y]) │
│ -> Networking options │
│ Defined at net/xdp/Kconfig:1 │
│ Depends on: NET [=y] && BPF_SYSCALL [=y] │
└───────────────────────────────────────────────────────┘
┌── enable BPF STREAM_PARSER ───────────────────────────────────────────┐
│ │
│ CONFIG_BPF_STREAM_PARSER: │
│ │
│ Enabling this allows a stream parser to be used with │
│ BPF_MAP_TYPE_SOCKMAP. │
│ │
│ BPF_MAP_TYPE_SOCKMAP provides a map type to use with network sockets. │
│ It can be used to enforce socket policy, implement socket redirects, │
│ etc. │
│ │
│ Symbol: BPF_STREAM_PARSER [=n] │
│ Type : bool │
│ Prompt: enable BPF STREAM_PARSER │
│ Location: │
│ -> Networking support (NET [=y]) │
│ -> Networking options │
│ Defined at net/Kconfig:301 │
│ Depends on: NET [=y] && BPF_SYSCALL [=y] │
│ Selects: STREAM_PARSER [=m] │
└───────────────────────────────────────────────────────────────────────┘
Se estiver se perguntando por que CONFIG_BPF_EVENTS=y :
┌── Search Results ───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│ │
│ Symbol: BPF_EVENTS [=y] │
│ Type : bool │
│ Defined at kernel/trace/Kconfig:476 │
│ Depends on: TRACING_SUPPORT [=y] && FTRACE [=y] && BPF_SYSCALL [=y] && (KPROBE_EVENTS [=n] || UPROBE_EVENTS [=y]) && PERF_EVENTS [=y] │
└─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
Kernel testado 4.18.5 em um Fedora 28 AppVM dentro do Qubes OS 4.0