lockdown: Refer to Debian wiki until manual page exists
This commit is contained in:
parent
4efb39cf9d
commit
fb4777ce47
|
@ -801,6 +801,7 @@ linux (4.19.34-1) UNRELEASED; urgency=medium
|
||||||
* [ia64] linux-image: Recommend grub-efi-ia64 instead of (removed) elilo
|
* [ia64] linux-image: Recommend grub-efi-ia64 instead of (removed) elilo
|
||||||
* [armel/marvell] Disable HW_RANDOM as no HWRNG drivers are usable here
|
* [armel/marvell] Disable HW_RANDOM as no HWRNG drivers are usable here
|
||||||
* udeb: Add all HWRNG drivers to kernel-image (see #923675)
|
* udeb: Add all HWRNG drivers to kernel-image (see #923675)
|
||||||
|
* lockdown: Refer to Debian wiki until manual page exists
|
||||||
|
|
||||||
[ YunQiang Su ]
|
[ YunQiang Su ]
|
||||||
* [mips*r6] Re-enable CONFIG_JUMP_LABEL, which has been fixed in upstream.
|
* [mips*r6] Re-enable CONFIG_JUMP_LABEL, which has been fixed in upstream.
|
||||||
|
|
|
@ -0,0 +1,23 @@
|
||||||
|
From: Ben Hutchings <ben@decadent.org.uk>
|
||||||
|
Date: Sun, 21 Apr 2019 00:17:13 +0100
|
||||||
|
Subject: lockdown: Refer to Debian wiki until manual page exists
|
||||||
|
Forwarded: not-needed
|
||||||
|
|
||||||
|
The lockdown denial log message currently refers to a
|
||||||
|
"kernel_lockdown.7" manual page, which is supposed to document it.
|
||||||
|
That manual page hasn't been accepted by the man-pages project and
|
||||||
|
doesn't even seem to have been submitted yet. For now, refer to the
|
||||||
|
Debian wiki.
|
||||||
|
|
||||||
|
---
|
||||||
|
--- a/security/lock_down.c
|
||||||
|
+++ b/security/lock_down.c
|
||||||
|
@@ -28,7 +28,7 @@ static void __init lock_kernel_down(cons
|
||||||
|
{
|
||||||
|
if (!kernel_locked_down) {
|
||||||
|
kernel_locked_down = true;
|
||||||
|
- pr_notice("Kernel is locked down from %s; see man kernel_lockdown.7\n",
|
||||||
|
+ pr_notice("Kernel is locked down from %s; see https://wiki.debian.org/SecureBoot\n",
|
||||||
|
where);
|
||||||
|
}
|
||||||
|
}
|
|
@ -140,6 +140,8 @@ features/all/lockdown/0029-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.
|
||||||
features/all/lockdown/enable-cold-boot-attack-mitigation.patch
|
features/all/lockdown/enable-cold-boot-attack-mitigation.patch
|
||||||
features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch
|
features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch
|
||||||
features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
|
features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
|
||||||
|
# until the "kernel_lockdown.7" manual page exists
|
||||||
|
features/all/lockdown/lockdown-refer-to-debian-wiki-until-manual-page-exists.patch
|
||||||
|
|
||||||
# Security fixes
|
# Security fixes
|
||||||
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
|
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
|
||||||
|
|
Loading…
Reference in New Issue