archlinux/linux-seba
1
0
Fork 0
generated from archlinux/template
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FS#71270: Don't enable "bpf" LSM by default

Browse Source 
It provides all possible hooks, which makes it harder to properly use
major LSMs. Using security= to enable a major LSM puts it at the end of
the list. Some functions (like security_getprocattr) only use the first
matching hook, thus prefer bpf.
This commit is contained in:
Jan Alexander Steffens
2021-06-16 22:13:34 +00:00
parent 3f21513a71
commit d7bf404c33
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
config
View File

@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
# Linux/x86 5.12.8-arch1 Kernel Configuration
# Linux/x86 5.12.10-arch1 Kernel Configuration
#
CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.1.0"
CONFIG_CC_IS_GCC=y
@@ -9689,7 +9689,7 @@ CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
# CONFIG_DEFAULT_SECURITY_TOMOYO is not set
# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_LSM="lockdown,yama,bpf"
CONFIG_LSM="lockdown,yama"
#
# Kernel hardening options