Feature #15329
Ensure we benefit from security features introduced in Linux 4.15
Start date:
2018-02-19
Due date:
% Done:
100%
Subtasks
History
#1 Updated by intrigeri 2018-02-19 12:31:20
- Status changed from Confirmed to In Progress
- Assignee changed from intrigeri to bertagaz
- % Done changed from 0 to 100
- QA Check set to Ready for QA
- Feature Branch set to feature/15309-linux-4.15
The new stuff is enabled for everyone (without config settings) so there’s nothing to be done here.
#2 Updated by intrigeri 2018-02-19 12:31:29
- blocked by
Feature #15309: Upgrade to Linux 4.15 added
#3 Updated by bertagaz 2018-02-20 12:25:40
intrigeri wrote:
> https://outflux.net/blog/archives/2018/02/05/security-things-in-linux-v4-15/
In this above link I see PTI entered 4.15. Did you consider it? Other than that Feature #15329#note-1 seems true for Feature #15000 feature, so I see no reasons not to close this ticket.
#4 Updated by bertagaz 2018-02-20 12:26:02
- Assignee changed from bertagaz to intrigeri
- QA Check changed from Ready for QA to Info Needed
#5 Updated by intrigeri 2018-02-20 13:29:20
- Assignee changed from intrigeri to bertagaz
- QA Check changed from Info Needed to Ready for QA
Sorry for not making this explicit. Adding KPTI support was the reason why we released the Tails 3.4 emergency release so we’ve had it for a while already:
Feature #14976- commit:36adab31349a2dee54d2ba1a0677624efdd8ae36
- https://anonscm.debian.org/cgit/kernel/linux.git/tree/debian/changelog?h=debian/4.14.13-1#n112
- in Tails 3.5:
$ grep '^CONFIG_PAGE_TABLE_ISOLATION=' /boot/config-4.14.0-3-amd64
CONFIG_PAGE_TABLE_ISOLATION=y
#6 Updated by bertagaz 2018-02-21 14:03:10
- Status changed from In Progress to Fix committed
- Assignee deleted (
bertagaz) - QA Check changed from Ready for QA to Pass
Did not think to look if it was already activated or not, sorry. So Feature #15309 has been merged into devel, let say we’re good here.
#7 Updated by bertagaz 2018-03-14 11:09:45
- Status changed from Fix committed to Resolved