systemd: enable `BPF_FRAMEWORK` by default (`withLibBPF=true`)

So far, we have been building Systemd without `BPF_FRAMEWORK`. As a
result, some Systemd features like `RestrictNetworkInterfaces=` cannot
work. To make things worse, Systemd doesn't even complain when using a
feature which requires `+BPF_FRAMEWORK`; yet, the option has no effect:

    # systemctl --version | grep -o "\-BPF_FRAMEWORK"
    -BPF_FRAMEWORK
    # systemd-run -t -p RestrictNetworkInterfaces="lo" ping -c 1 8.8.8.8

This commit enables `BPF_FRAMEWORK` by default. This is in line with
other distros (e.g., Fedora). Also note that BPF does not support stack
protector: https://lkml.org/lkml/2020/2/21/1000. To that end, I added a
small `CFLAGS` patch to the BPF building to keep using stack protector
as a default.

I also added an appropriate NixOS test.

0 files changed, 0 insertions, 0 deletions