[B/linux-aws][SRU][PATCH 1/1] UBUNTU: [Config] Enable CONFIG_SECURITY_DMESG_RESTRICT
Po-Hsu Lin
po-hsu.lin at canonical.com
Fri Aug 16 09:34:29 UTC 2019
BugLink: https://bugs.launchpad.net/bugs/1696558
There is a request to enable CONFIG_SECURITY_DMESG_RESTRICT for linux-aws.
It will restrict unprivileged access to the kernel syslog.
Signed-off-by: Po-Hsu Lin <po-hsu.lin at canonical.com>
---
debian.aws/config/annotations | 1 +
debian.aws/config/config.common.ubuntu | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/debian.aws/config/annotations b/debian.aws/config/annotations
index 2676d47..ef6331e 100644
--- a/debian.aws/config/annotations
+++ b/debian.aws/config/annotations
@@ -11514,6 +11514,7 @@ CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT policy<{'amd64': 'y', 'arm64': '
CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT mark<ENFORCED>
CONFIG_ALLOW_LOCKDOWN_LIFT_BY_SYSRQ mark<ENFORCED>
CONFIG_LOCK_DOWN_KERNEL mark<ENFORCED> flag<REVIEW>
+CONFIG_SECURITY_DMESG_RESTRICT note<LP#1696558>
# Menu: Security options >> Default security module
CONFIG_DEFAULT_SECURITY_SELINUX policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}>
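Review bot: the added CONFIG_SECURITY_DMESG_RESTRICT entry in annotations carries only note<LP#1696558> and no policy<> value, unlike the neighbouring entries such as CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT, which record a per-architecture policy and a mark<ENFORCED>. As written, the annotations file does not record that the option is expected to be 'y', so nothing in this file would flag a later change back to unset. Consider adding a policy<{...: 'y'}> entry for the architectures this flavour builds, plus mark<ENFORCED> if the setting is meant to be enforced.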
diff --git a/debian.aws/config/config.common.ubuntu b/debian.aws/config/config.common.ubuntu
index 8012245..bc61e8b 100644
--- a/debian.aws/config/config.common.ubuntu
+++ b/debian.aws/config/config.common.ubuntu
@@ -6601,7 +6601,7 @@ CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
CONFIG_SECURITY_APPARMOR_STACKED=y
CONFIG_SECURITY_DEFAULT_DISPLAY_APPARMOR=y
CONFIG_SECURITY_DEFAULT_DISPLAY_NAME="apparmor"
-# CONFIG_SECURITY_DMESG_RESTRICT is not set
+CONFIG_SECURITY_DMESG_RESTRICT=y
CONFIG_SECURITY_INFINIBAND=y
# CONFIG_SECURITY_LOADPIN is not set
# CONFIG_SECURITY_LSM_DEBUG is not set
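Review bot: the switch to CONFIG_SECURITY_DMESG_RESTRICT=y in config.common.ubuntu changes behaviour for existing users of a released kernel, and the commit message does not say so. With this default, reading the kernel log requires CAP_SYSLOG, so scripts and monitoring agents that run dmesg as an unprivileged user will start failing after the update. Suggest stating this in the commit message, along with the fact that the option only sets the default of the kernel.dmesg_restrict sysctl, which can still be set to 0 at runtime where the old behaviour is needed.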
--
2.7.4