diff mbox series

[B/linux-kvm,SRU,1/1] UBUNTU: [Config]: enable CONFIG_LOCK_DOWN_KERNEL

Message ID 20190610101105.25617-2-po-hsu.lin@canonical.com
State New
Headers show
Series UBUNTU: [Config]: enable CONFIG_LOCK_DOWN_KERNEL | expand

Commit Message

Po-Hsu Lin June 10, 2019, 10:11 a.m. UTC 
BugLink: https://bugs.launchpad.net/bugs/1811981

Security team requires the CONFIG_LOCK_DOWN_KERNEL to be enabled in
all of our kernels.

Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com>
---
 debian.kvm/config/config.common.ubuntu | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/debian.kvm/config/config.common.ubuntu b/debian.kvm/config/config.common.ubuntu
index d1c7070..23edadc 100644
--- a/debian.kvm/config/config.common.ubuntu
+++ b/debian.kvm/config/config.common.ubuntu
@@ -1278,7 +1278,7 @@  CONFIG_LOCKD=m
 CONFIG_LOCKDEP_SUPPORT=y
 CONFIG_LOCKD_V4=y
 # CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set
-# CONFIG_LOCK_DOWN_KERNEL is not set
+CONFIG_LOCK_DOWN_KERNEL=y
 CONFIG_LOCK_SPIN_ON_OWNER=y
 # CONFIG_LOCK_STAT is not set
 # CONFIG_LOCK_TORTURE_TEST is not set