Changeset 99550 in vbox

Timestamp:

Apr 27, 2023 2:26:22 PM (19 months ago)

Author:

vboxsync

Message:

Linux: rcvboxdrv, rcvboxadd: take into account CONFIG_LOCK_DOWN_KERNEL when detecting if kernel in lockdown mode, bugref:10287.

This option is in use by older kernels such as 4.18.0-147.el8.

Location:

trunk/src/VBox

Files:

• Additions/linux/installer/vboxadd.sh (modified) (1 diff)
• Installer/linux/vboxdrv.sh (modified) (1 diff)

trunk/src/VBox/Additions/linux/installer/vboxadd.sh

@@ -457 +457 @@
 
         # Unsigned modules loading is restricted by "lockdown" feature in runtime.
-        if [   "$(kernel_get_config_opt "$kern_ver" "CONFIG_SECURITY_LOCKDOWN_LSM")" = "y" \
+        if [   "$(kernel_get_config_opt "$kern_ver" "CONFIG_LOCK_DOWN_KERNEL")" = "y" \
+            -o "$(kernel_get_config_opt "$kern_ver" "CONFIG_SECURITY_LOCKDOWN_LSM")" = "y" \
             -o "$(kernel_get_config_opt "$kern_ver" "CONFIG_SECURITY_LOCKDOWN_LSM_EARLY")" = "y" ]; then
 

trunk/src/VBox/Installer/linux/vboxdrv.sh

@@ -396 +396 @@
 
         # Unsigned modules loading is restricted by "lockdown" feature in runtime.
-        if [   "$(kernel_get_config_opt "CONFIG_SECURITY_LOCKDOWN_LSM")" = "y" \
+        if [   "$(kernel_get_config_opt "CONFIG_LOCK_DOWN_KERNEL")" = "y" \
+            -o "$(kernel_get_config_opt "CONFIG_SECURITY_LOCKDOWN_LSM")" = "y" \
             -o "$(kernel_get_config_opt "CONFIG_SECURITY_LOCKDOWN_LSM_EARLY")" = "y" ]; then