| Summary: | enable SECURITY_LOCKDOWN_LSM, SECURITY_LOCKDOWN_LSM_EARLY and LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY | ||
|---|---|---|---|
| Product: | IPFire | Reporter: | Peter Müller <peter.mueller> |
| Component: | --- | Assignee: | Peter Müller <peter.mueller> |
| Status: | CLOSED CANTFIX | QA Contact: | |
| Severity: | Security | ||
| Priority: | - Unknown - | CC: | peter.mueller |
| Version: | 2 | ||
| Hardware: | unspecified | ||
| OS: | Unspecified | ||
| See Also: | https://bugzilla.ipfire.org/show_bug.cgi?id=12430 | ||
| Bug Depends on: | |||
| Bug Blocks: | 12361 | ||
|
Description
Peter Müller
2020-06-09 18:22:26 UTC
https://blog.ipfire.org/post/ipfire-2-27-core-update-167-is-available-for-testing Since I am not sure if we can switch to the "enforce confidentiality" mode, I am bumping this to ON_QA. https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=250f6efc3868f97914c42e94361932d86bd910db Resetting this back to ASSIGNED. Most probably, we are never going to be able to enforce even the "integrity" mode in IPFire 2.x, since we cannot break firmware flashing, and there is no way of providing users with a system mode where constraints one usually wants to have in production are not applied. |