FS#75102: Add integrity to LSM
This only initializes a cache which is used by IMA. So it does nothing useful. Still, we technically have the integrity LSM and this removes a footgun should IMA ever get enabled.
This commit is contained in:
parent
2e8ca45bc9
commit
5f3729800f
2
PKGBUILD
2
PKGBUILD
|
@ -26,7 +26,7 @@ validpgpkeys=(
|
||||||
'C7E7849466FE2358343588377258734B41C31549' # David Runge <dvzrv@archlinux.org>
|
'C7E7849466FE2358343588377258734B41C31549' # David Runge <dvzrv@archlinux.org>
|
||||||
)
|
)
|
||||||
sha256sums=('SKIP'
|
sha256sums=('SKIP'
|
||||||
'6379ddf576a09bf353e2dc83eb93e2ba34dc4be82ce07e30a6eb5e7ca8872048')
|
'533d32e1f6c33f7f390796af18dc3dca0a6aa294f8e9340600cd86c8df65e25b')
|
||||||
|
|
||||||
export KBUILD_BUILD_HOST=archlinux
|
export KBUILD_BUILD_HOST=archlinux
|
||||||
export KBUILD_BUILD_USER=$pkgbase
|
export KBUILD_BUILD_USER=$pkgbase
|
||||||
|
|
2
config
2
config
|
@ -10221,7 +10221,7 @@ CONFIG_INTEGRITY_AUDIT=y
|
||||||
# CONFIG_DEFAULT_SECURITY_TOMOYO is not set
|
# CONFIG_DEFAULT_SECURITY_TOMOYO is not set
|
||||||
# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
|
# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
|
||||||
CONFIG_DEFAULT_SECURITY_DAC=y
|
CONFIG_DEFAULT_SECURITY_DAC=y
|
||||||
CONFIG_LSM="landlock,lockdown,yama,bpf"
|
CONFIG_LSM="landlock,lockdown,yama,integrity,bpf"
|
||||||
|
|
||||||
#
|
#
|
||||||
# Kernel hardening options
|
# Kernel hardening options
|
||||||
|
|
Loading…
Reference in New Issue