diff mbox series

[1/9] package/libselinux: set the config_lsm kernel config option to selinux

Message ID 20200731204100.1171427-2-aduskett@gmail.com
State New
Headers show
Series package/libselinux: kernel munging fixups | expand

Commit Message

Adam Duskett July 31, 2020, 8:40 p.m. UTC
From: Adam Duskett <Aduskett@gmail.com>

Currently, the libselinux package sets the CONFIG_DEFAULT_SECURITY_SELINUX
kernel option. However, as of kernels >= 5.1, this option is superseded in
favor of the CONFIG_LSM option, a comma-separated list of LSMs the kernel
should initialize in order.

As the previous behavior of this package sets the kernel's default and only
LSM to initialize to SELinux, it is safe to set this string to just selinux.
If the user wants additional LSM's, they may do so with a custom kernel config.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
---
 package/libselinux/libselinux.mk | 1 +
 1 file changed, 1 insertion(+)
diff mbox series

Patch

diff --git a/package/libselinux/libselinux.mk b/package/libselinux/libselinux.mk
index f7397141d5..521dbaaba8 100644
--- a/package/libselinux/libselinux.mk
+++ b/package/libselinux/libselinux.mk
@@ -111,6 +111,7 @@  define LIBSELINUX_LINUX_CONFIG_FIXUPS
 	$(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY)
 	$(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY_NETWORK)
 	$(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY_SELINUX)
+	$(call KCONFIG_SET_OPT,CONFIG_LSM,"selinux")
 endef
 
 $(eval $(generic-package))