Ubuntu
linux package

  1. Bug #759725
  2. Comment #3

Comment 3 for bug 759725

Revision history for this message
Kees Cook (kees) wrote :

This mode change is "by design". For local admins that what to relax this restriction, you can use dpkg-statoverride:

  sudo dpkg-statoverride --add root root 0644 /boot/vmlinux-$(uname -r) --update

To have this automatically happen with each new kernel, create /etc/kernel/postinst.d/statoverride:

  #!/bin/sh
  version="$1"
  # passing the kernel version is required
  [ -z "${version}" ] && exit 0
  dpkg-statoverride --add root root 0644 /boot/vmlinux-${version} --update