[pve-devel] applied: [PATCH kernel] fix #2814: config: disable lockdown

Fabian Grünbichler f.gruenbichler at proxmox.com
Mon Jun 22 14:38:07 CEST 2020


since it prevents boot with our current way of building ZFS modules in
case a system is booted with secureboot enabled.

Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---

Notes:
    requires an ABI bump

 debian/rules | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/debian/rules b/debian/rules
index f531ac5..7c4f9f6 100755
--- a/debian/rules
+++ b/debian/rules
@@ -73,6 +73,9 @@ PVE_CONFIG_OPTS= \
 -d CONFIG_UNWINDER_ORC \
 -d CONFIG_UNWINDER_GUESS \
 -e CONFIG_UNWINDER_FRAME_POINTER \
+-d CONFIG_SECURITY_LOCKDOWN_LSM \
+-d CONFIG_SECURITY_LOCKDOWN_LSM_EARLY \
+--set-str CONFIG_LSM yama,integrity,apparmor \
 -e CONFIG_PAGE_TABLE_ISOLATION
 
 debian/control: $(wildcard debian/*.in)
-- 
2.20.1





More information about the pve-devel mailing list