[saucy SRU] LP#1259570 -- make kexec disablable
Andy Whitcroft
apw at canonical.com
Fri Feb 7 16:29:22 UTC 2014
The kexec system is a potential source of security attacks, it makes
sense in tighter security setups to allow onetime initialisation of the
kexec image. This patch adds a sysctl which locks the current settings
preventing later modification. This allows us to load a crash kernel
and then prevent it being replaced later.
This is a clean cherry-pick from mainline and is applied to Trusty already.
The security team have requested this be made available in saucy.
Proposing for SRU to saucy.
-apw
More information about the kernel-team
mailing list