Update security config
- Build in loadpin, but keep it disabled by default - Enable bpf by default
parent
d04972b60c
commit
861c5dfd04
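--- a/PKGBUILD
+++ b/PKGBUILD
@@ -25,7 +25,7 @@ validpgpkeys=(
 'A2FF3A36AAA56654109064AB19802F8B0D70FC30' # Jan Alexander Steffens (heftig)
 )
 sha256sums=('SKIP'
-'362fe0e8677e6c2657f487df622734051f70176c10ce5614d52e3be83cde07b7')
+'cee02f5cca8e0d456dcb447d2537bed0abf311f7fef0dfe0ceed21997183b879')
 
 export KBUILD_BUILD_HOST=archlinux
 export KBUILD_BUILD_USER=$pkgbase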
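--- a/config
+++ b/config
@@ -9387,7 +9387,8 @@ CONFIG_SECURITY_APPARMOR=y
 CONFIG_SECURITY_APPARMOR_HASH=y
 CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
 # CONFIG_SECURITY_APPARMOR_DEBUG is not set
-# CONFIG_SECURITY_LOADPIN is not set
+CONFIG_SECURITY_LOADPIN=y
+CONFIG_SECURITY_LOADPIN_ENFORCE=y
 CONFIG_SECURITY_YAMA=y
 CONFIG_SECURITY_SAFESETID=y
 CONFIG_SECURITY_LOCKDOWN_LSM=y
@@ -9402,7 +9403,7 @@ CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
 # CONFIG_DEFAULT_SECURITY_TOMOYO is not set
 # CONFIG_DEFAULT_SECURITY_APPARMOR is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_LSM="lockdown,yama"
+CONFIG_LSM="lockdown,yama,bpf"
 
 #
 # Kernel hardening options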
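Review bot: `CONFIG_SECURITY_LOADPIN_ENFORCE=y` in the first hunk makes LoadPin enforce as soon as it is initialised, which reads at odds with the description's "keep it disabled by default". From the visible lines, LoadPin stays inactive only because `loadpin` is absent from `CONFIG_LSM="lockdown,yama,bpf"` in the second hunk, so a user who opts in through the `lsm=` boot parameter gets pinning enforced immediately rather than in a log-only mode. If that is intended, the commit message should say that the default-off state comes from the LSM list; if a permissive opt-in was meant, use `# CONFIG_SECURITY_LOADPIN_ENFORCE is not set` and let users pass `loadpin.enforce=1`. Separately, `bpf` in `CONFIG_LSM` presumably only takes effect when `CONFIG_BPF_LSM=y` is set elsewhere in the config, which neither hunk shows.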