FS#75102: Add integrity to LSM

This only initializes a cache which is used by IMA. So it does nothing useful. Still, we technically have the integrity LSM and this removes a footgun should IMA ever get enabled.
2022-06-19 20:12:32 +00:00 · 2022-06-19 20:12:32 +00:00 · 5f3729800f
commit 5f3729800f
parent 2e8ca45bc9
2 changed files with 2 additions and 2 deletions
--- a/2
+++ b/2
@ -26,7 +26,7 @@ validpgpkeys=(
  'C7E7849466FE2358343588377258734B41C31549'  # David Runge <dvzrv@archlinux.org>
 )
 sha256sums=('SKIP'
-            '6379ddf576a09bf353e2dc83eb93e2ba34dc4be82ce07e30a6eb5e7ca8872048')
+            '533d32e1f6c33f7f390796af18dc3dca0a6aa294f8e9340600cd86c8df65e25b')

 export KBUILD_BUILD_HOST=archlinux
 export KBUILD_BUILD_USER=$pkgbase
--- a/2
+++ b/2
@ -10221,7 +10221,7 @@ CONFIG_INTEGRITY_AUDIT=y
 # CONFIG_DEFAULT_SECURITY_TOMOYO is not set
 # CONFIG_DEFAULT_SECURITY_APPARMOR is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_LSM="landlock,lockdown,yama,bpf"
+CONFIG_LSM="landlock,lockdown,yama,integrity,bpf"

 #
 # Kernel hardening options