Put lockdown LSM into default initialization list
This commit is contained in:
parent
d917c0fbc9
commit
f4bf2c8d61
2
PKGBUILD
2
PKGBUILD
|
@ -25,7 +25,7 @@ validpgpkeys=(
|
||||||
'8218F88849AAC522E94CF470A5E9288C4FA415FA' # Jan Alexander Steffens (heftig)
|
'8218F88849AAC522E94CF470A5E9288C4FA415FA' # Jan Alexander Steffens (heftig)
|
||||||
)
|
)
|
||||||
sha256sums=('SKIP'
|
sha256sums=('SKIP'
|
||||||
'5c809f7ca4f21ebd95368533b20c0ed78fe2e006762dff742e5fd0751521ad11')
|
'e78bfa9f5a1065d93396a37d59043bd79805f4681df27ef44dcddea8de092818')
|
||||||
|
|
||||||
export KBUILD_BUILD_HOST=archlinux
|
export KBUILD_BUILD_HOST=archlinux
|
||||||
export KBUILD_BUILD_USER=$pkgbase
|
export KBUILD_BUILD_USER=$pkgbase
|
||||||
|
|
2
config
2
config
|
@ -10021,7 +10021,7 @@ CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
|
||||||
# CONFIG_DEFAULT_SECURITY_TOMOYO is not set
|
# CONFIG_DEFAULT_SECURITY_TOMOYO is not set
|
||||||
# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
|
# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
|
||||||
CONFIG_DEFAULT_SECURITY_DAC=y
|
CONFIG_DEFAULT_SECURITY_DAC=y
|
||||||
CONFIG_LSM="yama"
|
CONFIG_LSM="lockdown,yama"
|
||||||
|
|
||||||
#
|
#
|
||||||
# Kernel hardening options
|
# Kernel hardening options
|
||||||
|
|
Loading…
Reference in New Issue