@@ -9776,6 +9776,8 @@ CONFIG_TUNE_Z13 policy<{'s390x': 'n'}>
CONFIG_SECURITY_DMESG_RESTRICT policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'powerpc': 'n', 'ppc64el': 'n', 's390x': 'n'}>
CONFIG_SECURITYFS policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'powerpc': 'y', 'ppc64el': 'y', 's390x': 'y'}>
CONFIG_INTEL_TXT policy<{'amd64': 'y', 'i386': 'y'}>
+#
+CONFIG_SECURITY_DMESG_RESTRICT note<LP#1696558>
# Menu: Security options >> Default security module
CONFIG_DEFAULT_SECURITY_SELINUX policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'powerpc': 'n', 'ppc64el': 'n', 's390x': 'n'}>
@@ -4100,7 +4100,7 @@ CONFIG_SECURITY_APPARMOR_HASH=y
CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
# CONFIG_SECURITY_APPARMOR_STATS is not set
CONFIG_SECURITY_APPARMOR_UNCONFINED_INIT=y
-# CONFIG_SECURITY_DMESG_RESTRICT is not set
+CONFIG_SECURITY_DMESG_RESTRICT=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_PATH=y
BugLink: https://bugs.launchpad.net/bugs/1696558 There is a request to enable CONFIG_SECURITY_DMESG_RESTRICT for linux-aws. It will restrict unprivileged access to the kernel syslog. Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com> --- debian.aws/config/annotations | 2 ++ debian.aws/config/config.common.ubuntu | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-)