Minor updates to the previous patchset to take some review comments into account - no significant changes in functionality, other than that the eBPF patch now only disables the kernel read functions as requested.
- [PATCH V35 00/29] Kernel lockdown functionality Matthew Garrett
- [PATCH V35 01/29] security: Support early LSMs Matthew Garrett
- [PATCH V35 02/29] security: Add a "locked down&q... Matthew Garrett
- [PATCH V35 04/29] Enforce module signatures if the ke... Matthew Garrett
- [PATCH V35 03/29] security: Add a static lockdown pol... Matthew Garrett
- [PATCH V35 12/29] x86: Lock down IO port access when ... Matthew Garrett
- [PATCH V35 08/29] kexec_file: split KEXEC_VERIFY_SIG ... Matthew Garrett
- [PATCH V35 13/29] x86/msr: Restrict MSR access when t... Matthew Garrett
- [PATCH V35 05/29] Restrict /dev/{mem,kmem,port} when ... Matthew Garrett
- [PATCH V35 11/29] PCI: Lock down BAR access when the ... Matthew Garrett
- [PATCH V35 24/29] Lock down perf when in confidential... Matthew Garrett