Message ID | 20190131120406.22391-1-po-hsu.lin@canonical.com |
---|---|
Headers | show |
Series | UBUNTU: [Config]: disable CONFIG_SECURITY_SELINUX_DISABLE | expand |
On 31.01.19 13:04, Po-Hsu Lin wrote: > BugLink: https://bugs.launchpad.net/bugs/1813866 > > This option allows disabling selinux after boot and it will conflict > with read-only LSM structures. Since Ubuntu is primarily using AppArmor > for its LSM, it makes sense to drop this feature in favor of the > protections offered by __ro_after_init markings on the LSM structures. > (LP: #1680315) > > Disable it to match the requirement in the kernel-security test suite. > > Po-Hsu Lin (1): > UBUNTU: [Config]: disable CONFIG_SECURITY_SELINUX_DISABLE > > debian.azure/config/config.common.ubuntu | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > Acked-by: Stefan Bader <stefan.bader@canonical.com>
On 2019-01-31 20:04:04 , Po-Hsu Lin wrote: > BugLink: https://bugs.launchpad.net/bugs/1813866 > > This option allows disabling selinux after boot and it will conflict > with read-only LSM structures. Since Ubuntu is primarily using AppArmor > for its LSM, it makes sense to drop this feature in favor of the > protections offered by __ro_after_init markings on the LSM structures. > (LP: #1680315) > > Disable it to match the requirement in the kernel-security test suite. > > Po-Hsu Lin (1): > UBUNTU: [Config]: disable CONFIG_SECURITY_SELINUX_DISABLE > > debian.azure/config/config.common.ubuntu | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > Acked-by: Khalid Elmously <khalid.elmously@canonical.com>
On 1/31/19 1:04 PM, Po-Hsu Lin wrote: > BugLink: https://bugs.launchpad.net/bugs/1813866 > > This option allows disabling selinux after boot and it will conflict > with read-only LSM structures. Since Ubuntu is primarily using AppArmor > for its LSM, it makes sense to drop this feature in favor of the > protections offered by __ro_after_init markings on the LSM structures. > (LP: #1680315) > > Disable it to match the requirement in the kernel-security test suite. > > Po-Hsu Lin (1): > UBUNTU: [Config]: disable CONFIG_SECURITY_SELINUX_DISABLE > > debian.azure/config/config.common.ubuntu | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > Applied to bionic/linux-azure/master-next and cosmic/linux-azure/master-next branches. Thanks, Kleber