Enable kernel CONFIG_NFT_SOCKET

[darinkes]

I would like to be able to create NFT filter rules for systemd services.
So I can be more specific what a service is allowed to reach.

Currently it's not possible cause the kernel is built without CONFIG_NFT_SOCKET and the module is missing.

Can this be enabled?

[eric-desrochers]

While it is not set in Azure Linux 3.0 -> https://github.com/microsoft/azurelinux/blob/3.0/SPECS/kernel/config#L1364
It is configured as a module in our upcoming release CONFIG_NFT_SOCKET=m

Would you be willing to wait for our next distro release?

[eric-desrochers]

Considering the right KCONFIG will be available in upcoming release. I’m closing this bug. Please feel free to reopen it if needed.