FYI, Debian 11 will ship with BPF_LSM built in, but disabled by default
(by explicitly setting CONFIG_LSM to the desired list)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1905975
Public bug reported:
[Impact]
The CONFIG_WATCHDOG_HRTIMER_PRETIMEOUT option allows to support
pretimeout actions on device drivers without the hardware capability to
support it. It was introduced in Linux 5.14:
https://github.com/torvalds/linux/commit/7b7d2fdc8c3e3f9fdb3558d674e1eeddc16c7d9e
It
** Changed in: linux (Ubuntu)
Status: Incomplete => Confirmed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1961771
Title:
Enable CONFIG_WATCHDOG_HRTIMER_PRETIMEOUT in Jammy
** Tags removed: verification-needed-focal-linux-aws-5.15
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/2019040
Title:
linux-*: please enable dm-verity kconfigs to allow MoK/db
** Tags removed: verification-needed-kinetic
** Tags added: verification-done-kinetic
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/2019040
Title:
linux-*: please enable dm-verity
Hi, any update on these configs changes? Have they been queued?
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2019040
Title:
linux-*: please enable dm-verity kconfigs to allow MoK/db
linux-generic looks good, thanks. Will the changes to linux-kvm and
linux-azure be merged separately later?
** Tags removed: verification-needed-jammy verification-needed-lunar
** Tags added: verification-done-jammy verification-done-lunar
--
You received this bug notification because you are a
Public bug reported:
The kvm flavours currently do not enable dm-verity. This stops us from
using integrity protected and verified images in VMs using this kernel
flavour.
Please consider enabling the following kconfigs:
CONFIG_DM_VERITY
CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
Also, please enable
CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING on the cloud
kernels - especially I am interested in the Azure one. Same reason as
above - the other options are already enabled there.
--
You received this bug notification because you are a member of Kernel
Packages,
** Summary changed:
- linux-kvm: please enable dm-verity kconfigs
+ linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images
** Also affects: linux-meta-azure (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a
Thank you!
Do you have details about the performance impact of IMA_ARCH?
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2019040
Title:
linux-*: please enable dm-verity kconfigs to
There's no specific log to share, I've downloaded the kconfig for the
kvm flavour from the linux-
buildinfo-6.2.0-1003-kvm_6.2.0-1003.3_amd64.deb package, extracted
usr/lib/linux/6.2.0-1003-kvm/config and checked for these kconfigs, and
they are not present:
$ grep DM_VERITY config
#
Gentle ping. Would love to see this fix in time for Noble's release.
Thanks!
** Description changed:
SRU Justification
[Impact]
The dmi-sysfs.ko module (CONFIG_DMI_SYSFS) is currently shipped in
linux-modules-extra. This makes it hard to pull in via the linux-virtual
package, it
Given this module doesn't really depend on firmware or anything, it
would be a good candidate to be in linux-modules instead of linux-
modules-extra. That way it will be pulled in without having to use the
virtual package that depends on the firmware too.
On Debian, Fedora and Archlinux it is a
** Description changed:
SRU Justification
[Impact]
The kvm flavours currently do not enable CONFIG_DMI_SYSFS. This stops
VMs using these kernels from being configurable using qemu or cloud-
hypervisor's SMBIOS type 11 strings. This feature is supported and used
widely by
Thanks - what about Jammy?
** Changed in: linux-kvm (Ubuntu Mantic)
Status: New => Won't Fix
** Changed in: linux-kvm (Ubuntu Noble)
Status: New => Won't Fix
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in
Got it, thank you
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/2045561
Title:
linux-kvm: please enable CONFIG_DMI_SYSFS for SMBIOS support
Status in linux-kvm package in Ubuntu:
So it's a module: CONFIG_DMI_SYSFS=m and it's part of the modules-extra
package. That means there's no way, without knowing the exact kernel
version in advance, to pull that package in using linux-virtual. You'd
have to use linux-generic, but that also pulls in all the firmware
stuff.
Can a
** Description changed:
SRU Justification
[Impact]
- The kvm flavours currently do not enable CONFIG_DMI_SYSFS. This stops
- VMs using these kernels from being configurable using qemu or cloud-
- hypervisor's SMBIOS type 11 strings. This feature is supported and used
- widely by
Public bug reported:
SRU Justification
[Impact]
The kvm flavours currently do not enable CONFIG_DMI_SYSFS. This stops
VMs using these kernels from being configurable using qemu or cloud-
hypervisor's SMBIOS type 11 strings. This feature is supported and used
widely by systemd:
Public bug reported:
A vmlinux.h header generated from a kernel build with bpftool is needed to
build and ship BPF CO-RE programs. We are looking to ship these in the next
version of systemd.
vmlinux.h being generated depends on the kernel version, architecture and
kconfig. There are some
Github Actions enabled KVM for all open source repositories for free in
January:
https://github.blog/2024-01-17-github-hosted-runners-double-the-power-
for-open-source/
We started using it in systemd, and we hit this bug:
https://paste.centos.org/view/411107c8
This will start quickly affecting
22 matches
Mail list logo