| Message ID | 20190610101105.25617-1-po-hsu.lin@canonical.com |
|---|---|
| Headers | show |
| Series | UBUNTU: [Config]: enable CONFIG_LOCK_DOWN_KERNEL | expand |
On 10/06/2019 11:11, Po-Hsu Lin wrote: > BugLink: https://bugs.launchpad.net/bugs/1811981 > > == SRU Justification == > Security team requires the CONFIG_LOCK_DOWN_KERNEL to be enabled in > all of our kernels. > > == Test == > Test kernels could be found here: > https://people.canonical.com/~phlin/kernel/lp-1811981-kvm-lockdown/ > This issue can be verified with test_410_config_lock_down_kernel > test from q-r-t, the test will pass with the patched kernel. > > == Regression Potential == > Low, we already have this config enabled in the generic kernel. > > > Po-Hsu Lin (1): > UBUNTU: [Config]: enable CONFIG_LOCK_DOWN_KERNEL > > debian.kvm/config/config.common.ubuntu | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > Seems very reasonable to me. Acked-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Kamal Mostafa <kamal@canonical.com> -Kamal On Mon, Jun 10, 2019 at 06:11:03PM +0800, Po-Hsu Lin wrote: > BugLink: https://bugs.launchpad.net/bugs/1811981 > > == SRU Justification == > Security team requires the CONFIG_LOCK_DOWN_KERNEL to be enabled in > all of our kernels. > > == Test == > Test kernels could be found here: > https://people.canonical.com/~phlin/kernel/lp-1811981-kvm-lockdown/ > This issue can be verified with test_410_config_lock_down_kernel > test from q-r-t, the test will pass with the patched kernel. > > == Regression Potential == > Low, we already have this config enabled in the generic kernel. > > > Po-Hsu Lin (1): > UBUNTU: [Config]: enable CONFIG_LOCK_DOWN_KERNEL > > debian.kvm/config/config.common.ubuntu | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > -- > 2.7.4 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team
On 2019-06-10 18:11:03 , Po-Hsu Lin wrote: > BugLink: https://bugs.launchpad.net/bugs/1811981 > > == SRU Justification == > Security team requires the CONFIG_LOCK_DOWN_KERNEL to be enabled in > all of our kernels. > > == Test == > Test kernels could be found here: > https://people.canonical.com/~phlin/kernel/lp-1811981-kvm-lockdown/ > This issue can be verified with test_410_config_lock_down_kernel > test from q-r-t, the test will pass with the patched kernel. > > == Regression Potential == > Low, we already have this config enabled in the generic kernel. > > > Po-Hsu Lin (1): > UBUNTU: [Config]: enable CONFIG_LOCK_DOWN_KERNEL > > debian.kvm/config/config.common.ubuntu | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > -- > 2.7.4 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team