From 861c5dfd045f170aa21fc0a431cae5a18dc08e09 Mon Sep 17 00:00:00 2001
From: Jan Alexander Steffens
Date: Thu, 4 Feb 2021 00:25:55 +0000
Subject: [PATCH] Update security config

- Build in loadpin, but keep it disabled by default
- Enable bpf by default
---
 PKGBUILD | 2 +-
 config | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/PKGBUILD b/PKGBUILD
index 159c32f..94a498a 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -25,7 +25,7 @@ validpgpkeys=(
 'A2FF3A36AAA56654109064AB19802F8B0D70FC30' # Jan Alexander Steffens (heftig)
 )
 sha256sums=('SKIP'
- '362fe0e8677e6c2657f487df622734051f70176c10ce5614d52e3be83cde07b7')
+ 'cee02f5cca8e0d456dcb447d2537bed0abf311f7fef0dfe0ceed21997183b879')

 export KBUILD_BUILD_HOST=archlinux
 export KBUILD_BUILD_USER=$pkgbase
diff --git a/config b/config
index 5b4d966..4b4052b 100644
--- a/config
+++ b/config
@@ -9387,7 +9387,8 @@ CONFIG_SECURITY_APPARMOR=y
 CONFIG_SECURITY_APPARMOR_HASH=y
 CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
 # CONFIG_SECURITY_APPARMOR_DEBUG is not set
-# CONFIG_SECURITY_LOADPIN is not set
+CONFIG_SECURITY_LOADPIN=y
+CONFIG_SECURITY_LOADPIN_ENFORCE=y
 CONFIG_SECURITY_YAMA=y
 CONFIG_SECURITY_SAFESETID=y
 CONFIG_SECURITY_LOCKDOWN_LSM=y
@@ -9402,7 +9403,7 @@ CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
 # CONFIG_DEFAULT_SECURITY_TOMOYO is not set
 # CONFIG_DEFAULT_SECURITY_APPARMOR is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_LSM="lockdown,yama"
+CONFIG_LSM="lockdown,yama,bpf"

 #
 # Kernel hardening options
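Review bot: `CONFIG_SECURITY_LOADPIN_ENFORCE=y` in the first `config` hunk (`@@ -9387`) sits oddly next to the description's "keep it disabled by default". The disabled state is not expressed by this option at all; it relies on `loadpin` being absent from the `CONFIG_LSM` string in the following hunk. The consequence is that anyone who opts in with `lsm=...,loadpin` gets enforcing mode immediately rather than a log-only trial, and would presumably need `loadpin.enforce=0` to test first. I would record that dependency in the commit message, e.g. `LoadPin is built with ENFORCE=y but stays inactive because "loadpin" is not in CONFIG_LSM; enabling it via lsm= turns on enforcement immediately.`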
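Review bot: Adding `bpf` to `CONFIG_LSM` in the second `config` hunk (`@@ -9402`) only has an effect if `CONFIG_BPF_LSM=y` is set elsewhere in the config, which is not visible in this hunk; as far as I know an unknown name in the list is skipped at boot without a build error, so that is worth confirming. The built-in list is also replaced wholesale by an `lsm=` boot parameter, so systems that already pass their own list (for instance to enable AppArmor) will not pick up `bpf` from this change. A line in the description would cover it, e.g. `Note: a custom lsm= parameter overrides CONFIG_LSM; append "bpf" there to keep the BPF LSM active.` Once the BPF LSM is active, privileged processes can attach programs to LSM hooks, so operators may want to include loaded LSM-type BPF programs in their host auditing.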