ACK: [B/linux-kvm][C/linux-kvm][D/linux-kvm][SRU][PATCH 0/1] UBUNTU: [Config]: enable CONFIG_LOCK_DOWN_KERNEL
Colin Ian King
colin.king at canonical.com
Mon Jun 10 15:05:36 UTC 2019
On 10/06/2019 11:11, Po-Hsu Lin wrote:
> BugLink: https://bugs.launchpad.net/bugs/1811981
>
> == SRU Justification ==
> Security team requires the CONFIG_LOCK_DOWN_KERNEL to be enabled in
> all of our kernels.
>
> == Test ==
> Test kernels could be found here:
> https://people.canonical.com/~phlin/kernel/lp-1811981-kvm-lockdown/
> This issue can be verified with test_410_config_lock_down_kernel
> test from q-r-t, the test will pass with the patched kernel.
>
> == Regression Potential ==
> Low, we already have this config enabled in the generic kernel.
>
>
> Po-Hsu Lin (1):
> UBUNTU: [Config]: enable CONFIG_LOCK_DOWN_KERNEL
>
> debian.kvm/config/config.common.ubuntu | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
Seems very reasonable to me.
Acked-by: Colin Ian King <colin.king at canonical.com>
More information about the kernel-team
mailing list