[D/linux-aws,SRU,1/1] UBUNTU: [Config] Enable CONFIG_SECURITY_DMESG_RESTRICT
diff mbox series

Message ID 20190816093430.17135-5-po-hsu.lin@canonical.com
State New
Headers show
Series
  • [D/linux-aws,SRU,1/1] UBUNTU: [Config] Enable CONFIG_SECURITY_DMESG_RESTRICT
Related show

Commit Message

Po-Hsu Lin Aug. 16, 2019, 9:34 a.m. UTC
BugLink: https://bugs.launchpad.net/bugs/1696558

There is a request to enable CONFIG_SECURITY_DMESG_RESTRICT for linux-aws.
It will restrict unprivileged access to the kernel syslog.

Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com>
---
 debian.aws/config/annotations          | 1 +
 debian.aws/config/config.common.ubuntu | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

Patch
diff mbox series

diff --git a/debian.aws/config/annotations b/debian.aws/config/annotations
index ddd94a1..edff332 100644
--- a/debian.aws/config/annotations
+++ b/debian.aws/config/annotations
@@ -11507,6 +11507,7 @@  CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT             policy<{'amd64': 'y', 'arm64': '
 #CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT             mark<ENFORCED>
 CONFIG_ALLOW_LOCKDOWN_LIFT_BY_SYSRQ             mark<ENFORCED>
 #CONFIG_LOCK_DOWN_KERNEL                         mark<ENFORCED> flag<REVIEW>
+CONFIG_SECURITY_DMESG_RESTRICT                  note<LP#1696558>
 
 # Menu: Security options >> Default security module
 CONFIG_LSM                                      policy<{'amd64': '"yama,loadpin,integrity,apparmor"', 'arm64': '"yama,loadpin,integrity,apparmor"'}>
diff --git a/debian.aws/config/config.common.ubuntu b/debian.aws/config/config.common.ubuntu
index 7502b1e..85b1615 100644
--- a/debian.aws/config/config.common.ubuntu
+++ b/debian.aws/config/config.common.ubuntu
@@ -7061,7 +7061,7 @@  CONFIG_SECURITY_APPARMOR=y
 # CONFIG_SECURITY_APPARMOR_DEBUG is not set
 CONFIG_SECURITY_APPARMOR_HASH=y
 CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
-# CONFIG_SECURITY_DMESG_RESTRICT is not set
+CONFIG_SECURITY_DMESG_RESTRICT=y
 CONFIG_SECURITY_INFINIBAND=y
 # CONFIG_SECURITY_LOADPIN is not set
 CONFIG_SECURITY_NETWORK=y