[SRU][D/E][PATCH 0/1] Disable CONFIG_IOMMU_DEBUGFS (enforce policy)
Khalid Elmously
khalid.elmously at canonical.com
Tue Jan 28 04:15:08 UTC 2020
BugLink: https://bugs.launchpad.net/bugs/1861057
When CONFIG_IOMMU_DEBUGFS is enabled it shows a scary-looking security warning in the kernel log.
There's already a policy to disable this feature but it is currently unenforced.
This is being done specifically for cloud kernels but it seemed to me that this config should be disabled everywhere, not just for cloud.
With this patch, I confirmed that derivatives can't be cranked if they have CONFIG_IOMMU_DEBUGFS enabled.
Khalid Elmously (1):
Updating annotations to disable CONFIG_IOMMU_DEBUGFS
debian.master/config/annotations | 1 +
1 file changed, 1 insertion(+)
Khalid Elmously (1):
Updating annotations to disable CONFIG_IOMMU_DEBUGFS
debian.master/config/annotations | 3 +++
1 file changed, 3 insertions(+)
--
2.17.1