Your message dated Fri, 17 Apr 2020 18:01:01 +0000
with message-id <e1jpvit-000aqw...@fasolo.debian.org>
and subject line Bug#956197: fixed in linux 5.6.4-1~exp1
has caused the Debian Bug report #956197,
regarding src:linux: lockdown: set default (with Secure Boot) to
LOCKDOWN_INTEGRITY_MAX
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
956197: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956197
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: linux
Version: 5.5.13-2
Severity: wishlist
Tags: patch
X-Debbugs-CC: quen...@isovalent.com
Dear Maintainer(s),
LOCKDOWN_CONFIDENTIALITY_MAX restricts a lot of useful features,
even security ones (like monitoring via BPF), while not adding
that much value for common use cases.
Recently, Ubuntu, RedHat and SUSE changed the default to
LOCKDOWN_INTEGRITY_MAX.
I believe we should do the same.
MR: https://salsa.debian.org/kernel-team/linux/-/merge_requests/230
References:
https://github.com/iovisor/bcc/issues/2565#issuecomment-606566675
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1868626
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=ef7c6600bb3e
https://bugzilla.redhat.com/show_bug.cgi?id=1815571
Thanks!
--
Kind regards,
Luca Boccassi
signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
Source: linux
Source-Version: 5.6.4-1~exp1
Done: Ben Hutchings <b...@debian.org>
We believe that the bug you reported is fixed in the latest version of
linux, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 956...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ben Hutchings <b...@debian.org> (supplier of updated linux package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 17 Apr 2020 01:26:42 +0100
Source: linux
Architecture: source
Version: 5.6.4-1~exp1
Distribution: experimental
Urgency: medium
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Ben Hutchings <b...@debian.org>
Closes: 956197
Changes:
linux (5.6.4-1~exp1) experimental; urgency=medium
.
* New upstream release: https://kernelnewbies.org/Linux_5.6
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.2
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.3
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.4
.
[ Ben Hutchings ]
* Set ABI to trunk
* [mips*] Revert "staging: octeon-usb: delete the octeon usb host controller
driver"
* [mips*] Revert "staging: octeon: delete driver"
* [powerpc*] i2c: Enable I2C_PARPORT instead of I2C_PARPORT_LIGHT
* aufs: Update support patchset to aufs5.x-rcN 20200302; no functional
change
* linux-signed-*: Build-Depend on kernel-wedge 2.102 for consistency
* aufs: Update support patchset to aufs5.6 20200413; no functional change
* [rt] Update to 5.6.4-rt3 and re-enable
.
[ Aurelien Jarno ]
* Enable SENSORS_DRIVETEMP
* [riscv64] Enable SOC_VIRT
* [riscv64] Enable GPIOLIB, GPIO_SIFIVE, POWER_RESET, POWER_RESET_GPIO,
POWER_RESET_GPIO_RESTART, POWER_RESET_RESTART, CONFIG_PWM,
CONFIG_PWM_SIFIVE, CONFIG_SIFIVE_L2
.
[ Christian Barcenas ]
* linux-kbuild: Stop building conmakehash
* linux-cpupower: Add libcap to Build-Depends and turbostat linker flags
* [x86] Drop EFI cold boot mitigation patch in favor of upstream
* [amd64] Update "x86: Make x32 syscall support conditional ..." for 5.6
.
[ Romain Perier ]
* [x86] udeb: Add crc32_pclmul to crc-modules
* udeb: Add crc32_generic to crc-modules
.
[ Luca Boccassi ]
* lockdown: set default (with Secure Boot) to LOCKDOWN_INTEGRITY_MAX
(Closes: #956197)
Checksums-Sha1:
10b616f453a2924d48c365eddfbdc5a75d95b74d 210002 linux_5.6.4-1~exp1.dsc
08fa53d17013fb81f710e285c439c25359a8b55d 116064736 linux_5.6.4.orig.tar.xz
7557a0504381a497566cc5c3f334a88bcf73a489 1287880
linux_5.6.4-1~exp1.debian.tar.xz
9f6893a7826ccb7a57df63553f9d3505b9b177b8 53956
linux_5.6.4-1~exp1_source.buildinfo
Checksums-Sha256:
285decd6b401f74ce3a8d692e04c8dc58566fd66d08581ceb02b20de94bd7882 210002
linux_5.6.4-1~exp1.dsc
8115ac68648eeb0abc43f64405b488a070ed8dcaa4e0973d06971b204c829b5d 116064736
linux_5.6.4.orig.tar.xz
1cc26859937147739c92e92edd924334af209bc5477cc477c6044407da361e05 1287880
linux_5.6.4-1~exp1.debian.tar.xz
4bd4f6721bea5e47a8b6dec8bfa333afd8b2680154b66c1ec0aa262f4740e3b4 53956
linux_5.6.4-1~exp1_source.buildinfo
Files:
5c2b784e5b125647ede0f2080b31b6ab 210002 kernel optional linux_5.6.4-1~exp1.dsc
3a098777e7f6ebbc7c833b3d9e3e994c 116064736 kernel optional
linux_5.6.4.orig.tar.xz
17f681b54f3e7a7f0ee54e3e23884c6c 1287880 kernel optional
linux_5.6.4-1~exp1.debian.tar.xz
13ab023261e0e035c82468ec51784e41 53956 kernel optional
linux_5.6.4-1~exp1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAl6ZtuMACgkQ57/I7JWG
EQlAYQ/+Nxtk18NIT/rgPH4MuzY4jw4MA5XzWtG49nKjRg7Fr+fYqkEI8m833qoQ
5PFF2qEKIy8Dx/l54FUau60vSzKt8By1BtMMe8pW0pKkB8w4ezSJPmomiDl11LVI
8bcq6nZ5bZ9mqYY/hfN4EW9zCm+5fXG2OBVSyqAvXviMFILzl1dyNuN3fdyZe6O6
uVeEt0/sUCznMjDazHtZGpMswfqWjS2iTInZh6NvTATRShssEzCqbXI5hsmSECeV
ybMiLpvGa8o/OUKilc9eXFj+30KcLpcefPo2VsMgNpxP2qb7AeAxjzjfdNRBM+5K
3wSNwwnLnZWCEfIFP8wnq8yRG7tLKnqVaRLzm4Af9eIVrqO7VqIYt0aazz1wOsMR
2t6gI2Lquxcslrfgnonc++c+CqnOQHpRWKkYS5P4sYwlrxQdNTdWlLwxWbf/jYVD
b4iGOTDdampnI/gZImDuw8z8Fvz/4P0Mf0DmmR5MYez46bmqY12jooMZVHYuu8xt
OBul/c8uzgkJAxPEoMMBdlG6qJ4knRYVjVDApPqzQ9aTpyFHj2jtSvQnItGweYy5
A8iAEAL0zAxcPKtAmQ1xO2pDllD95C2ip4OyFjHwF34Gv6Kc378hTFRtwMy0cJoY
C1+0n8VOP+Gytzyf61zSkX8o+InuxGaHBfYeoDqY2z7ZNEMHxM0=
=KLBz
-----END PGP SIGNATURE-----
--- End Message ---
