linux-aspeed: Enable CGROUP_BPF and NAMESPACES
These are used by systemd to provide isolation features:
Required for IPAddressDeny= and IPAddressAllow= in resource control
unit settings
CONFIG_CGROUP_BPF
Required for PrivateNetwork= in service units:
CONFIG_NET_NS
Note that systemd-localed.service and other systemd units use
PrivateNetwork so this is effectively required.
Required for PrivateUsers= in service units:
CONFIG_USER_NS
(NET_NS is default y so we get it by enabling namespace support).
Change-Id: I48434708078af2bac4ca87434ce4ef76306a84cc
Signed-off-by: Joel Stanley <joel@jms.id.au>
diff --git a/recipes-kernel/linux/linux-aspeed/aspeed-g4/defconfig b/recipes-kernel/linux/linux-aspeed/aspeed-g4/defconfig
index 939a60e..00dd0ca 100644
--- a/recipes-kernel/linux/linux-aspeed/aspeed-g4/defconfig
+++ b/recipes-kernel/linux/linux-aspeed/aspeed-g4/defconfig
@@ -7,6 +7,9 @@
CONFIG_IKCONFIG_PROC=y
CONFIG_LOG_BUF_SHIFT=16
CONFIG_CGROUPS=y
+CONFIG_CGROUP_BPF=y
+CONFIG_NAMESPACES=y
+CONFIG_USER_NS=y
CONFIG_BLK_DEV_INITRD=y
# CONFIG_RD_BZIP2 is not set
# CONFIG_RD_LZO is not set
diff --git a/recipes-kernel/linux/linux-aspeed/aspeed-g5/defconfig b/recipes-kernel/linux/linux-aspeed/aspeed-g5/defconfig
index d189de8..4432d52 100644
--- a/recipes-kernel/linux/linux-aspeed/aspeed-g5/defconfig
+++ b/recipes-kernel/linux/linux-aspeed/aspeed-g5/defconfig
@@ -9,6 +9,9 @@
CONFIG_IKCONFIG_PROC=y
CONFIG_LOG_BUF_SHIFT=16
CONFIG_CGROUPS=y
+CONFIG_CGROUP_BPF=y
+CONFIG_NAMESPACES=y
+CONFIG_USER_NS=y
CONFIG_BLK_DEV_INITRD=y
# CONFIG_RD_BZIP2 is not set
# CONFIG_RD_LZO is not set
diff --git a/recipes-kernel/linux/linux-aspeed/aspeed-g6/defconfig b/recipes-kernel/linux/linux-aspeed/aspeed-g6/defconfig
index bf6e952..7acf0a8 100644
--- a/recipes-kernel/linux/linux-aspeed/aspeed-g6/defconfig
+++ b/recipes-kernel/linux/linux-aspeed/aspeed-g6/defconfig
@@ -9,6 +9,9 @@
CONFIG_IKCONFIG_PROC=y
CONFIG_LOG_BUF_SHIFT=16
CONFIG_CGROUPS=y
+CONFIG_CGROUP_BPF=y
+CONFIG_NAMESPACES=y
+CONFIG_USER_NS=y
CONFIG_BLK_DEV_INITRD=y
# CONFIG_RD_BZIP2 is not set
# CONFIG_RD_LZO is not set