Message ID | 20190610101105.25617-2-po-hsu.lin@canonical.com |
---|---|
State | New |
Headers | show |
Series | UBUNTU: [Config]: enable CONFIG_LOCK_DOWN_KERNEL | expand |
diff --git a/debian.kvm/config/config.common.ubuntu b/debian.kvm/config/config.common.ubuntu index d1c7070..23edadc 100644 --- a/debian.kvm/config/config.common.ubuntu +++ b/debian.kvm/config/config.common.ubuntu @@ -1278,7 +1278,7 @@ CONFIG_LOCKD=m CONFIG_LOCKDEP_SUPPORT=y CONFIG_LOCKD_V4=y # CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set -# CONFIG_LOCK_DOWN_KERNEL is not set +CONFIG_LOCK_DOWN_KERNEL=y CONFIG_LOCK_SPIN_ON_OWNER=y # CONFIG_LOCK_STAT is not set # CONFIG_LOCK_TORTURE_TEST is not set
BugLink: https://bugs.launchpad.net/bugs/1811981 Security team requires the CONFIG_LOCK_DOWN_KERNEL to be enabled in all of our kernels. Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com> --- debian.kvm/config/config.common.ubuntu | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)