Disable integrity, enable safesetid, only load yama by default

This commit is contained in:
Jan Alexander Steffens 2019-05-07 20:04:22 +00:00
parent 78a111327b
commit 10505f2f9b
2 changed files with 4 additions and 8 deletions

View File

@ -26,7 +26,7 @@ validpgpkeys=(
'8218F88849AAC522E94CF470A5E9288C4FA415FA' # Jan Alexander Steffens (heftig)
)
sha256sums=('SKIP'
'd1ad8403bfc9681bddf42300b1b51d8975506b91e791e341f839797513208eff'
'02390efe7637927502bc834daf3f413ea5e2cb084bca125372e70dc9438e824c'
'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21'
'c043f3033bb781e2688794a59f6d1f7ed49ef9b13eb77ff9a425df33a244a636'
'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65')

10
config
View File

@ -9330,18 +9330,14 @@ CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
# CONFIG_SECURITY_APPARMOR_DEBUG is not set
# CONFIG_SECURITY_LOADPIN is not set
CONFIG_SECURITY_YAMA=y
# CONFIG_SECURITY_SAFESETID is not set
CONFIG_INTEGRITY=y
# CONFIG_INTEGRITY_SIGNATURE is not set
CONFIG_INTEGRITY_AUDIT=y
# CONFIG_IMA is not set
# CONFIG_EVM is not set
CONFIG_SECURITY_SAFESETID=y
# CONFIG_INTEGRITY is not set
# CONFIG_DEFAULT_SECURITY_SELINUX is not set
# CONFIG_DEFAULT_SECURITY_SMACK is not set
# CONFIG_DEFAULT_SECURITY_TOMOYO is not set
# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_LSM="yama,loadpin,safesetid,integrity"
CONFIG_LSM="yama"
CONFIG_XOR_BLOCKS=m
CONFIG_ASYNC_CORE=m
CONFIG_ASYNC_MEMCPY=m