Update security config

- Build in loadpin, but keep it disabled by default - Enable bpf by default
2021-02-04 00:25:55 +00:00
parent d04972b60c
commit 861c5dfd04
2 changed files with 4 additions and 3 deletions
--- a/5
+++ b/5
@@ -9387,7 +9387,8 @@ CONFIG_SECURITY_APPARMOR=y
 CONFIG_SECURITY_APPARMOR_HASH=y
 CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
 # CONFIG_SECURITY_APPARMOR_DEBUG is not set
-# CONFIG_SECURITY_LOADPIN is not set
+CONFIG_SECURITY_LOADPIN=y
+CONFIG_SECURITY_LOADPIN_ENFORCE=y
 CONFIG_SECURITY_YAMA=y
 CONFIG_SECURITY_SAFESETID=y
 CONFIG_SECURITY_LOCKDOWN_LSM=y
@@ -9402,7 +9403,7 @@ CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
 # CONFIG_DEFAULT_SECURITY_TOMOYO is not set
 # CONFIG_DEFAULT_SECURITY_APPARMOR is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_LSM="lockdown,yama"
+CONFIG_LSM="lockdown,yama,bpf"

 #
 # Kernel hardening options