Public bug reported: The CONFIG_FANOTIFY_ACCESS_PERMISSIONS option is required for certain security products, like Microsoft Defender for Endpoints, to operate correctly. As far as I can tell, it causes no overhead (when not actively using it), in terms of code size or startup time.
It is currently disabled in the Focal Fossa -kvm kernel: $ grep CONFIG_FANOTIFY /boot/config-5.4.0-1032-kvm CONFIG_FANOTIFY=y # CONFIG_FANOTIFY_ACCESS_PERMISSIONS is not set While it is enabled in the -generic kernel: $ grep CONFIG_FANOTIFY /boot/config-5.4.0-65-generic CONFIG_FANOTIFY=y CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y The same goes for Bionic Beaver. ** Affects: linux-kvm (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-kvm in Ubuntu. https://bugs.launchpad.net/bugs/1915688 Title: Please enable CONFIG_FANOTIFY_ACCESS_PERMISSIONS Status in linux-kvm package in Ubuntu: New Bug description: The CONFIG_FANOTIFY_ACCESS_PERMISSIONS option is required for certain security products, like Microsoft Defender for Endpoints, to operate correctly. As far as I can tell, it causes no overhead (when not actively using it), in terms of code size or startup time. It is currently disabled in the Focal Fossa -kvm kernel: $ grep CONFIG_FANOTIFY /boot/config-5.4.0-1032-kvm CONFIG_FANOTIFY=y # CONFIG_FANOTIFY_ACCESS_PERMISSIONS is not set While it is enabled in the -generic kernel: $ grep CONFIG_FANOTIFY /boot/config-5.4.0-65-generic CONFIG_FANOTIFY=y CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y The same goes for Bionic Beaver. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-kvm/+bug/1915688/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp