APPLIED: [linux-kvm-b][PATCH 0/2] Enable CONFIG_SECURITY_PERF_EVENTS_RESTRICT and CONFIG_FORTIFY_SOURCE
Khaled Elmously
khalid.elmously at canonical.com
Fri Jun 22 03:02:57 UTC 2018
Applied to bionic/linux-kvm (in reverse order)
On 2018-06-12 18:53:13 , Po-Hsu Lin wrote:
> == Justification ==
> In the Bionic KVM kernel, the CONFIG_FORTIFY_SOURCE and
> CONFIG_SECURITY_PERF_EVENTS_RESTRICT were not set, they need to be enabled to
> meet the security team's requirement.
>
> == Test ==
> Before enabling the config, test case test_190_config_kernel_fortify and
> test_250_config_security_perf_events_restrict will fail in the kernel
> security testsuite for the kernel SRU regression test.
>
> It will pass with these two patches applied, tested on a KVM node.
>
> == Fix ==
> Set CONFIG_SECURITY_PERF_EVENTS_RESTRICT to "y".
> Set CONFIG_FORTIFY_SOURCE to "y".
>
> == Regression Potential ==
> Minimal.
> No code changes, just two config changes without disabling any other configs.
>
> BugLink: https://bugs.launchpad.net/bugs/1766780
> BugLink: https://bugs.launchpad.net/bugs/1766774
>
> Po-Hsu Lin (2):
> UBUNTU: [Config]: enable CONFIG_SECURITY_PERF_EVENTS_RESTRICT
> UBUNTU: [Config]: enable CONFIG_FORTIFY_SOURCE
>
> debian.kvm/config/config.common.ubuntu | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> --
> 2.7.4
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list