FS#71270: Don't enable "bpf" LSM by default

It provides all possible hooks, which makes it harder to properly use major LSMs. Using security= to enable a major LSM puts it at the end of the list. Some functions (like security_getprocattr) only use the first matching hook, thus prefer bpf.
2021-06-16 22:13:34 +00:00
parent 3f21513a71
commit d7bf404c33
2 changed files with 3 additions and 3 deletions
--- a/2
+++ b/2
@@ -25,7 +25,7 @@ validpgpkeys=(
  'A2FF3A36AAA56654109064AB19802F8B0D70FC30'  # Jan Alexander Steffens (heftig)
 )
 sha256sums=('SKIP'
-            '0d0691aa0f80fea0d9d204c05a845416dd443f3bb629cbb68e098e4d19cc841d')
+            '3179e545a24ca7ed4c53fdc60299262381b9b2c587fb66c82aece2133ef762a9')

 export KBUILD_BUILD_HOST=archlinux
 export KBUILD_BUILD_USER=$pkgbase