[C/linux-kvm][D/linux-kvm][SRU][PATCH 1/1] UBUNTU: [Config]: enable CONFIG_LOCK_DOWN_KERNEL
Po-Hsu Lin
po-hsu.lin at canonical.com
Mon Jun 10 10:11:05 UTC 2019
BugLink: https://bugs.launchpad.net/bugs/1811981
Security team requires the CONFIG_LOCK_DOWN_KERNEL to be enabled in
all of our kernels.
Signed-off-by: Po-Hsu Lin <po-hsu.lin at canonical.com>
---
debian.kvm/config/config.common.ubuntu | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/debian.kvm/config/config.common.ubuntu b/debian.kvm/config/config.common.ubuntu
index 88c196e8..a44b783 100644
--- a/debian.kvm/config/config.common.ubuntu
+++ b/debian.kvm/config/config.common.ubuntu
@@ -1280,7 +1280,8 @@ CONFIG_LOCKDEP_SUPPORT=y
CONFIG_LOCKD_V4=y
CONFIG_LOCK_DEBUGGING_SUPPORT=y
# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set
-# CONFIG_LOCK_DOWN_KERNEL is not set
+CONFIG_LOCK_DOWN_KERNEL=y
+# CONFIG_LOCK_DOWN_MANDATORY is not set
CONFIG_LOCK_SPIN_ON_OWNER=y
# CONFIG_LOCK_STAT is not set
# CONFIG_LOCK_TORTURE_TEST is not set
--
2.7.4
More information about the kernel-team
mailing list