FS#75102: Add integrity to LSM

This only initializes a cache which is used by IMA. So it does nothing
useful. Still, we technically have the integrity LSM and this removes a
footgun should IMA ever get enabled.
This commit is contained in:
Jan Alexander Steffens 2022-06-19 20:12:32 +00:00
parent 2e8ca45bc9
commit 5f3729800f
2 changed files with 2 additions and 2 deletions

View File

@ -26,7 +26,7 @@ validpgpkeys=(
'C7E7849466FE2358343588377258734B41C31549' # David Runge <dvzrv@archlinux.org> 'C7E7849466FE2358343588377258734B41C31549' # David Runge <dvzrv@archlinux.org>
) )
sha256sums=('SKIP' sha256sums=('SKIP'
'6379ddf576a09bf353e2dc83eb93e2ba34dc4be82ce07e30a6eb5e7ca8872048') '533d32e1f6c33f7f390796af18dc3dca0a6aa294f8e9340600cd86c8df65e25b')
export KBUILD_BUILD_HOST=archlinux export KBUILD_BUILD_HOST=archlinux
export KBUILD_BUILD_USER=$pkgbase export KBUILD_BUILD_USER=$pkgbase

2
config
View File

@ -10221,7 +10221,7 @@ CONFIG_INTEGRITY_AUDIT=y
# CONFIG_DEFAULT_SECURITY_TOMOYO is not set # CONFIG_DEFAULT_SECURITY_TOMOYO is not set
# CONFIG_DEFAULT_SECURITY_APPARMOR is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set
CONFIG_DEFAULT_SECURITY_DAC=y CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_LSM="landlock,lockdown,yama,bpf" CONFIG_LSM="landlock,lockdown,yama,integrity,bpf"
# #
# Kernel hardening options # Kernel hardening options