[pve-devel] applied: [PATCH kernel] fix #2814: config: disable lockdown
Fabian Grünbichler
f.gruenbichler at proxmox.com
Mon Jun 22 14:38:07 CEST 2020
since it prevents boot with our current way of building ZFS modules in
case a system is booted with secureboot enabled.
Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
Notes:
requires an ABI bump
debian/rules | 3 +++
1 file changed, 3 insertions(+)
diff --git a/debian/rules b/debian/rules
index f531ac5..7c4f9f6 100755
--- a/debian/rules
+++ b/debian/rules
@@ -73,6 +73,9 @@ PVE_CONFIG_OPTS= \
-d CONFIG_UNWINDER_ORC \
-d CONFIG_UNWINDER_GUESS \
-e CONFIG_UNWINDER_FRAME_POINTER \
+-d CONFIG_SECURITY_LOCKDOWN_LSM \
+-d CONFIG_SECURITY_LOCKDOWN_LSM_EARLY \
+--set-str CONFIG_LSM yama,integrity,apparmor \
-e CONFIG_PAGE_TABLE_ISOLATION
debian/control: $(wildcard debian/*.in)
--
2.20.1
More information about the pve-devel
mailing list