docs: fix kernel lockdown documentation #1704
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
samuelkarp
reviewed
Aug 9, 2021
README.md
Outdated
| @@ -476,7 +476,7 @@ Here are the metrics settings: | |||
| #### Kernel settings | |||
|
|
|||
| * `settings.kernel.lockdown`: This allows further restrictions on what the Linux kernel will allow, for example preventing the loading of unsigned modules. | |||
| May be set to "none" (the default), "integrity", or "confidentiality". | |||
| May be set to "none" (the default in older [variants](variants/)), "integrity" (the default for newer [variants](variants/)), or "confidentiality". | |||
There was a problem hiding this comment.
Should we list the specific variants? Or perhaps just list the variants which are still defaulting to "none"?
There was a problem hiding this comment.
Suggested change
| May be set to "none" (the default in older [variants](variants/)), "integrity" (the default for newer [variants](variants/)), or "confidentiality". | |
| May be set to "none" (the default in older [variants](variants/), up through aws-k8s-1.19), "integrity" (the default for newer variants), or "confidentiality". |
There was a problem hiding this comment.
Should we make the same change the SECURITY-GUIDANCE.md doc?
There was a problem hiding this comment.
Yeah, I'll update the Security Guidance with your suggestion 👍
There was a problem hiding this comment.
I updated both the README and SECURITY-GUIDANCE doc
webern
approved these changes
Aug 10, 2021
This fixes the kernel lockdown's documentation, since the default values changed in newer variants Signed-off-by: Arnaldo Garcia Rincon <agarrcia@amazon.com>
arnaldo2792
force-pushed
the
fix-kernel-lockdown-docs
branch
from
1c0f4d2 to
e90380e
Compare
|
Forced push includes:
|
samuelkarp
approved these changes
Aug 11, 2021
webern
approved these changes
Aug 11, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue number:
N/A
Description of changes:
This fixes the kernel lockdown's documentation, since the default values changed in newer variants.
Testing done:
Documentation change, no testing required (other than just verify the render).
Terms of contribution:
By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.