Message ID | 20190610101105.25617-3-po-hsu.lin@canonical.com |
---|---|
State | New |
Headers | show |
Series | [C/linux-kvm,D/linux-kvm,SRU,1/1] UBUNTU: [Config]: enable CONFIG_LOCK_DOWN_KERNEL | expand |
diff --git a/debian.kvm/config/config.common.ubuntu b/debian.kvm/config/config.common.ubuntu index 88c196e8..a44b783 100644 --- a/debian.kvm/config/config.common.ubuntu +++ b/debian.kvm/config/config.common.ubuntu @@ -1280,7 +1280,8 @@ CONFIG_LOCKDEP_SUPPORT=y CONFIG_LOCKD_V4=y CONFIG_LOCK_DEBUGGING_SUPPORT=y # CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set -# CONFIG_LOCK_DOWN_KERNEL is not set +CONFIG_LOCK_DOWN_KERNEL=y +# CONFIG_LOCK_DOWN_MANDATORY is not set CONFIG_LOCK_SPIN_ON_OWNER=y # CONFIG_LOCK_STAT is not set # CONFIG_LOCK_TORTURE_TEST is not set
BugLink: https://bugs.launchpad.net/bugs/1811981 Security team requires the CONFIG_LOCK_DOWN_KERNEL to be enabled in all of our kernels. Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com> --- debian.kvm/config/config.common.ubuntu | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)