lockdown: Refer to Debian wiki until manual page exists
This commit is contained in:
parent
4efb39cf9d
commit
fb4777ce47
|
@ -801,6 +801,7 @@ linux (4.19.34-1) UNRELEASED; urgency=medium
|
|||
* [ia64] linux-image: Recommend grub-efi-ia64 instead of (removed) elilo
|
||||
* [armel/marvell] Disable HW_RANDOM as no HWRNG drivers are usable here
|
||||
* udeb: Add all HWRNG drivers to kernel-image (see #923675)
|
||||
* lockdown: Refer to Debian wiki until manual page exists
|
||||
|
||||
[ YunQiang Su ]
|
||||
* [mips*r6] Re-enable CONFIG_JUMP_LABEL, which has been fixed in upstream.
|
||||
|
|
|
@ -0,0 +1,23 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Sun, 21 Apr 2019 00:17:13 +0100
|
||||
Subject: lockdown: Refer to Debian wiki until manual page exists
|
||||
Forwarded: not-needed
|
||||
|
||||
The lockdown denial log message currently refers to a
|
||||
"kernel_lockdown.7" manual page, which is supposed to document it.
|
||||
That manual page hasn't been accepted by the man-pages project and
|
||||
doesn't even seem to have been submitted yet. For now, refer to the
|
||||
Debian wiki.
|
||||
|
||||
---
|
||||
--- a/security/lock_down.c
|
||||
+++ b/security/lock_down.c
|
||||
@@ -28,7 +28,7 @@ static void __init lock_kernel_down(cons
|
||||
{
|
||||
if (!kernel_locked_down) {
|
||||
kernel_locked_down = true;
|
||||
- pr_notice("Kernel is locked down from %s; see man kernel_lockdown.7\n",
|
||||
+ pr_notice("Kernel is locked down from %s; see https://wiki.debian.org/SecureBoot\n",
|
||||
where);
|
||||
}
|
||||
}
|
|
@ -140,6 +140,8 @@ features/all/lockdown/0029-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.
|
|||
features/all/lockdown/enable-cold-boot-attack-mitigation.patch
|
||||
features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch
|
||||
features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
|
||||
# until the "kernel_lockdown.7" manual page exists
|
||||
features/all/lockdown/lockdown-refer-to-debian-wiki-until-manual-page-exists.patch
|
||||
|
||||
# Security fixes
|
||||
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
|
||||
|
|
Loading…
Reference in New Issue