[linux-kvm-b][PATCH 0/2] Enable CONFIG_SECURITY_PERF_EVENTS_RESTRICT and CONFIG_FORTIFY_SOURCE
Po-Hsu Lin
po-hsu.lin at canonical.com
Tue Jun 12 10:53:13 UTC 2018
== Justification ==
In the Bionic KVM kernel, the CONFIG_FORTIFY_SOURCE and
CONFIG_SECURITY_PERF_EVENTS_RESTRICT were not set, they need to be enabled to
meet the security team's requirement.
== Test ==
Before enabling the config, test case test_190_config_kernel_fortify and
test_250_config_security_perf_events_restrict will fail in the kernel
security testsuite for the kernel SRU regression test.
It will pass with these two patches applied, tested on a KVM node.
== Fix ==
Set CONFIG_SECURITY_PERF_EVENTS_RESTRICT to "y".
Set CONFIG_FORTIFY_SOURCE to "y".
== Regression Potential ==
Minimal.
No code changes, just two config changes without disabling any other configs.
BugLink: https://bugs.launchpad.net/bugs/1766780
BugLink: https://bugs.launchpad.net/bugs/1766774
Po-Hsu Lin (2):
UBUNTU: [Config]: enable CONFIG_SECURITY_PERF_EVENTS_RESTRICT
UBUNTU: [Config]: enable CONFIG_FORTIFY_SOURCE
debian.kvm/config/config.common.ubuntu | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--
2.7.4
More information about the kernel-team
mailing list