From d7bf404c33ad83df0f7c50e0959e44adca74c0a5 Mon Sep 17 00:00:00 2001
From: Jan Alexander Steffens
Date: Wed, 16 Jun 2021 22:13:34 +0000
Subject: [PATCH] FS#71270: Don't enable "bpf" LSM by default
It provides all possible hooks, which makes it harder to properly use major LSMs. Using security= to enable a major LSM puts it at the end of the list. Some functions (like security_getprocattr) only use the first matching hook, thus prefer bpf.
---
PKGBUILD | 2 +-
config | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/PKGBUILD b/PKGBUILD
index b410b5a..cd85a70 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -25,7 +25,7 @@ validpgpkeys=(
 'A2FF3A36AAA56654109064AB19802F8B0D70FC30' # Jan Alexander Steffens (heftig)
 )
 sha256sums=('SKIP'
- '0d0691aa0f80fea0d9d204c05a845416dd443f3bb629cbb68e098e4d19cc841d')
+ '3179e545a24ca7ed4c53fdc60299262381b9b2c587fb66c82aece2133ef762a9')
 export KBUILD_BUILD_HOST=archlinux
 export KBUILD_BUILD_USER=$pkgbase
diff --git a/config b/config
index 29de5dd..19e022c 100644
--- a/config
+++ b/config
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 5.12.8-arch1 Kernel Configuration
+# Linux/x86 5.12.10-arch1 Kernel Configuration
 #
 CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.1.0"
 CONFIG_CC_IS_GCC=y
@@ -9689,7 +9689,7 @@ CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
 # CONFIG_DEFAULT_SECURITY_TOMOYO is not set
 # CONFIG_DEFAULT_SECURITY_APPARMOR is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_LSM="lockdown,yama,bpf"
+CONFIG_LSM="lockdown,yama"
 #
 # Kernel hardening options
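Review bot: Users who already enforce policy with BPF LSM programs get no notice that the new `CONFIG_LSM="lockdown,yama"` default in the last config hunk leaves the bpf hooks unregistered at boot. As far as I can tell such programs would stop being invoked after the upgrade without any error, so the loss of enforcement would be silent. I would add a line to the commit message or package notes such as `To keep BPF LSM programs active, boot with lsm=lockdown,yama,bpf`, and state that any major LSM listed in `lsm=` should be placed before `bpf`, for the first-matching-hook reason the description gives. The hunk shows only a few lines of the security section, so whether `CONFIG_BPF_LSM` remains built in cannot be confirmed from here.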