test-kernel-security.py: linux-gcp*/5.4 no longer assumes READ_IMPLIES_EXEC
With commit "UBUNTU: SAUCE: arm64: Split the old READ_IMPLIES_EXEC
workaround from executable"[1], the 5.4 linux-gcp kernel and its
derivatives no longer default to READ_IMPLIES_EXEC if PT_GNU_STACK
doesn't exist.
QRT-Alternates does not stop at first successful installation,
instead it goes through the whole list. It has the ability to
specify the package to be installed according to the release.
Also adding a note to try to keep one line per package
specification for a better maintainability.
a230a30...
by
"Leonidas S. Barbosa" <leo.barbosa@canonical>
test-kernel-security: compensate for changed unpriv_bpf default
For many reasons, we have now changed the default setting for
unprivileged ebpf to be disabled by default, but possible to re-enable
by a systems administrator without rebooting for all kernels back to
4.4. Adjust bpf default setting test to compensate.
TODO: write tests to validate the setting enforces as expected.