diff options
| author | Stefan Bader <stefan.bader@canonical.com> | 2011-07-13 15:00:46 +0200 |
|---|---|---|
| committer | Leann Ogasawara <leann.ogasawara@canonical.com> | 2011-08-30 10:17:12 -0700 |
| commit | fec97e010b758f408feed8bffacf5176764663ad (patch) | |
| tree | 46ef3547cc677083be90e2b6c36c2fa279d1fb5f /debian.master/config/enforce | |
| parent | 9283d71b2d75a43240818957a17fcb62305643f8 (diff) | |
UBUNTU: SAUCE: Re-enable RODATA for i386 virtual
This basically reverts the following commit as it seems now fixed.
commit 0b111980fe515c5ab24bf21aca5aebd24c70f605
Author: Stefan Bader <stefan.bader@canonical.com>
Date: Tue Jan 11 23:29:25 2011 +0000
UBUNTU: Temporarily disable RODATA for virtual i386
Setting to RO was ok, but the whole patchset seems to cause
i386 EC instances to panic on boot when setting the kernel data
to read-only and no-execute. So while there is no proper fix
found disable this in the i386 virtual flavour
BugLink: http://bugs.launchpad.net/bugs/809838
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Brad Figg <brad.figg@canonical.com>
Acked-by: Herton Krzesinski <herton.krzesinski@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Diffstat (limited to 'debian.master/config/enforce')
| -rw-r--r-- | debian.master/config/enforce | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/debian.master/config/enforce b/debian.master/config/enforce index e0411b988f3..67847e40b9a 100644 --- a/debian.master/config/enforce +++ b/debian.master/config/enforce @@ -15,8 +15,7 @@ value CONFIG_DEFAULT_SECURITY_APPARMOR y # For architectures which support this option ensure it is enabled. !exists CONFIG_SECCOMP | value CONFIG_SECCOMP y !exists CONFIG_CC_STACKPROTECTOR | value CONFIG_CC_STACKPROTECTOR y -!exists CONFIG_DEBUG_RODATA | value CONFIG_DEBUG_RODATA y | \ - (flavour virtual & arch i386 & value CONFIG_DEBUG_RODATA n) +!exists CONFIG_DEBUG_RODATA | value CONFIG_DEBUG_RODATA y !exists CONFIG_DEBUG_SET_MODULE_RONX | value CONFIG_DEBUG_SET_MODULE_RONX y !exists CONFIG_STRICT_DEVMEM | value CONFIG_STRICT_DEVMEM y # For architectures which support this option ensure it is disabled. |