Any views expressed within media held on this service are those of the contributors, should not be taken as approved or endorsed by the University, and do not necessarily reflect the views of the University in respect of any particular issue.

LCFG Project

LCFG Project

Recent Activity for the LCFG project

Extra release

An updated version of the latest stable release – 2022011701b – has just been pushed out. The only difference is that the INF_TEST kernel for Ubuntu is now the latest version – 5.4.0-96.109 – which resolves a high priority security issue.

That test version of the kernel can be requested by defining the ED_KERNEL_INF_TEST macro at the top of an LCFG profile. This fixes a
high priority issue – CVE-2022-0185, USN-5240-1. We will make this the default INF kernel for Ubuntu in the stable release next week.

Alternatively, the recommended mitigation is to set a kernel sysctl which can be done like this:

LCFG_KERNEL_SYSCTL(userns_clone,kernel.unprivileged_userns_clone,0)

There’s a strong argument for that being the default setting with it only turned on where required.

Leave a reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

css.php

Report this page

To report inappropriate content on this page, please use the form below. Upon receiving your report, we will be in touch as per the Take Down Policy of the service.

Please note that personal data collected through this form is used and stored for the purposes of processing this report and communication with you.

If you are unable to report a concern about content via this form please contact the Service Owner.

Please enter an email address you wish to be contacted on. Please describe the unacceptable content in sufficient detail to allow us to locate it, and why you consider it to be unacceptable.
By submitting this report, you accept that it is accurate and that fraudulent or nuisance complaints may result in action by the University.

  Cancel