Booting Fedora with Secure Boot enabled will result in Lockdown being enabled at boot
time. This will completly disable the BPF system call for all users [1][2].
Unfortunately, this breaks the IPAddressAllow & IPAddressDeny systemd feature
[3][4][5].
I don't have a solution for this, but as far as I understand, this will also prevent
other BPF use-cases (for example: Cilium on Fedora CoreOS).
[1]
https://src.fedoraproject.org/rpms/kernel/blob/master/f/efi-lockdown.patc...
[2]
https://git.kernel.org/pub/scm/linux/kernel/git/jforbes/linux.git/commit/...
[3]
https://github.com/systemd/systemd/blob/master/src/core/bpf-firewall.c
[4]
https://github.com/systemd/systemd/blob/master/NEWS#L1192
[5]
https://www.freedesktop.org/software/systemd/man/systemd.resource-control...