NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/libselinux: set the config_lsm kernel config option to selinux

Browse Source 
Currently, the libselinux package sets the CONFIG_DEFAULT_SECURITY_SELINUX
kernel option. However, as of kernels >= 5.1, this option is superseded in
favor of the CONFIG_LSM option, a comma-separated list of LSMs the kernel
should initialize in order.

As the previous behavior of this package sets the kernel's default and only
LSM to initialize to SELinux, it is safe to set this string to just selinux.
If the user wants additional LSM's, they may do so with a custom kernel config.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit is contained in:
Adam Duskett 2020-07-31 13:40:52 -07:00 committed by Thomas Petazzoni
parent c38c1cde0d
commit b5bb766ff2
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
package/libselinux/libselinux.mk
View File

@ -111,6 +111,7 @@ define LIBSELINUX_LINUX_CONFIG_FIXUPS
$(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY)
$(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY_NETWORK)
$(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY_SELINUX)
$(call KCONFIG_SET_OPT,CONFIG_LSM,"selinux")
endef
$(eval $(generic-package))