FS#75102: Add integrity to LSM
This only initializes a cache which is used by IMA. So it does nothing useful. Still, we technically have the integrity LSM and this removes a footgun should IMA ever get enabled.
This commit is contained in:
parent
2e8ca45bc9
commit
5f3729800f
2
PKGBUILD
2
PKGBUILD
@ -26,7 +26,7 @@ validpgpkeys=(
|
||||
'C7E7849466FE2358343588377258734B41C31549' # David Runge <dvzrv@archlinux.org>
|
||||
)
|
||||
sha256sums=('SKIP'
|
||||
'6379ddf576a09bf353e2dc83eb93e2ba34dc4be82ce07e30a6eb5e7ca8872048')
|
||||
'533d32e1f6c33f7f390796af18dc3dca0a6aa294f8e9340600cd86c8df65e25b')
|
||||
|
||||
export KBUILD_BUILD_HOST=archlinux
|
||||
export KBUILD_BUILD_USER=$pkgbase
|
||||
|
2
config
2
config
@ -10221,7 +10221,7 @@ CONFIG_INTEGRITY_AUDIT=y
|
||||
# CONFIG_DEFAULT_SECURITY_TOMOYO is not set
|
||||
# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
|
||||
CONFIG_DEFAULT_SECURITY_DAC=y
|
||||
CONFIG_LSM="landlock,lockdown,yama,bpf"
|
||||
CONFIG_LSM="landlock,lockdown,yama,integrity,bpf"
|
||||
|
||||
#
|
||||
# Kernel hardening options
|
||||
|
Loading…
Reference in New Issue
Block a user