diff options
| author | Seth Forshee <seth.forshee@canonical.com> | 2020-07-02 13:29:55 -0500 |
|---|---|---|
| committer | Andrea Righi <andrea.righi@canonical.com> | 2020-08-04 09:38:44 +0200 |
| commit | f2fac7568f6acdb37de0696717f23dedc02fbe48 (patch) | |
| tree | ef4a01705a23baef015a6f1ff363e5d2973c1296 | |
| parent | e3c0f3dcf154dba4a965b538e06185a3201fb4d6 (diff) | |
UBUNTU: [Config] CONFIG_SECURITY_DMESG_RESTRICT=y
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
| -rw-r--r-- | debian.master/config/annotations | 3 | ||||
| -rw-r--r-- | debian.master/config/config.common.ubuntu | 2 |
2 files changed, 3 insertions, 2 deletions
diff --git a/debian.master/config/annotations b/debian.master/config/annotations index 71a04f393d6a..15b2a350b208 100644 --- a/debian.master/config/annotations +++ b/debian.master/config/annotations @@ -13331,7 +13331,7 @@ CONFIG_LEGACY_VSYSCALL_NONE policy<{'amd64': 'n'}> CONFIG_LEGACY_VSYSCALL_XONLY flag<REVIEW> # Menu: Security options -CONFIG_SECURITY_DMESG_RESTRICT policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> +CONFIG_SECURITY_DMESG_RESTRICT policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> CONFIG_SECURITY_PERF_EVENTS_RESTRICT policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> CONFIG_SECURITYFS policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> CONFIG_PAGE_TABLE_ISOLATION policy<{'amd64': 'y', 'i386': 'y'}> @@ -13343,6 +13343,7 @@ CONFIG_FORTIFY_SOURCE policy<{'amd64': 'y', 'arm64': ' CONFIG_STATIC_USERMODEHELPER policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> CONFIG_LSM policy<{'amd64': '"lockdown,yama,integrity,apparmor"', 'arm64': '"lockdown,yama,integrity,apparmor"', 'armhf': '"lockdown,yama,integrity,apparmor"', 'i386': '"lockdown,yama,integrity,apparmor"', 'ppc64el': '"lockdown,yama,integrity,apparmor"', 's390x': '"lockdown,yama,integrity,apparmor"'}> # +CONFIG_SECURITY_DMESG_RESTRICT mark<ENFORCED> CONFIG_LSM mark<ENFORCED> # Menu: Security options >> Enable access key retention support diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu index 20bf4d59a428..17c1ff457f5e 100644 --- a/debian.master/config/config.common.ubuntu +++ b/debian.master/config/config.common.ubuntu @@ -8904,7 +8904,7 @@ CONFIG_SECURITY_APPARMOR=y # CONFIG_SECURITY_APPARMOR_DEBUG is not set CONFIG_SECURITY_APPARMOR_HASH=y CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y -# CONFIG_SECURITY_DMESG_RESTRICT is not set +CONFIG_SECURITY_DMESG_RESTRICT=y CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY_LOADPIN is not set CONFIG_SECURITY_LOCKDOWN_LSM=y |