Public bug reported:
The CONFIG_FANOTIFY_ACCESS_PERMISSIONS option is required for certain
security products, like Microsoft Defender for Endpoints, to operate
correctly. As far as I can tell, it causes no overhead (when not
actively using it), in terms of code size or startup time.
It is currently disabled in the Focal Fossa -kvm kernel:
$ grep CONFIG_FANOTIFY /boot/config-5.4.0-1032-kvm
CONFIG_FANOTIFY=y
# CONFIG_FANOTIFY_ACCESS_PERMISSIONS is not set
While it is enabled in the -generic kernel:
$ grep CONFIG_FANOTIFY /boot/config-5.4.0-65-generic
CONFIG_FANOTIFY=y
CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
The same goes for Bionic Beaver.
** Affects: linux-kvm (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/1915688
Title:
Please enable CONFIG_FANOTIFY_ACCESS_PERMISSIONS
Status in linux-kvm package in Ubuntu:
New
Bug description:
The CONFIG_FANOTIFY_ACCESS_PERMISSIONS option is required for certain
security products, like Microsoft Defender for Endpoints, to operate
correctly. As far as I can tell, it causes no overhead (when not
actively using it), in terms of code size or startup time.
It is currently disabled in the Focal Fossa -kvm kernel:
$ grep CONFIG_FANOTIFY /boot/config-5.4.0-1032-kvm
CONFIG_FANOTIFY=y
# CONFIG_FANOTIFY_ACCESS_PERMISSIONS is not set
While it is enabled in the -generic kernel:
$ grep CONFIG_FANOTIFY /boot/config-5.4.0-65-generic
CONFIG_FANOTIFY=y
CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
The same goes for Bionic Beaver.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-kvm/+bug/1915688/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
