From patchwork Thu Jan 17 06:24:46 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Po-Hsu Lin X-Patchwork-Id: 1026413 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 43gDb10LJMz9sDB; Thu, 17 Jan 2019 17:25:16 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1gk16u-000515-HV; Thu, 17 Jan 2019 06:25:04 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.86_2) (envelope-from ) id 1gk16s-00050R-Vb for kernel-team@lists.ubuntu.com; Thu, 17 Jan 2019 06:25:02 +0000 Received: from mail-pg1-f198.google.com ([209.85.215.198]) by youngberry.canonical.com with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1gk16s-0006WE-Iq for kernel-team@lists.ubuntu.com; Thu, 17 Jan 2019 06:25:02 +0000 Received: by mail-pg1-f198.google.com with SMTP id d71so5547741pgc.1 for ; Wed, 16 Jan 2019 22:25:02 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id; bh=i38lYlopjqGV2tz4omGq6qrov15OEJ+rq8FECMIyC/I=; b=CgugWb4auGSTNrlS//KBQQvqWz/QqlS+sGRa974IGnK9k2Fp0CRq8W6U8qrm8wD6Uy ug2CwqbOEI7ewuebbStguApTIHSwVjysEZZ50SwE1GG0PVSPpPC77vuetosYpRF5XypO be0nteTmFYo6ByCqShTX/4kueoDz36dQ+UEzwGtedKSKJXchD4nwXs9d8tAZNCfRrSC4 0q+77IQdTAzG9ltzznm/BQ6qPC9guPUpJHf9cRlPMXAY+7gY6Hut0jxoPFUKJRPaJP0Z NFg6Aefc5z+5WKeOGU88XlHHOIGw5J50N1BQob1Svgdgg3FvXsK0d2XbKD6LdXviTd+6 K+UQ== X-Gm-Message-State: AJcUukdz+A9jglYHsm8+kKIMJ8sQZmNJm3Ttox17zHH+QR1xuF0eGlGr OUCcrncZP6ULfQ+f5RFUaxWCCyjD7P1lAsI3z/2VJRZYuuhvyTy0OvE1EyWxiAd2tGgWcABuKo4 JZtYCsDcfRaD+PKOOTdwsA+6VaXknJCPUtdsmIsQ9 X-Received: by 2002:a63:c848:: with SMTP id l8mr12158760pgi.78.1547706300724; Wed, 16 Jan 2019 22:25:00 -0800 (PST) X-Google-Smtp-Source: ALg8bN608NvvH/osepXbLdD9/QJ/Vw/jOK0zupYaT+PlxJlCjj62LVE+12752ttQxZRfQXCnZ6KsfQ== X-Received: by 2002:a63:c848:: with SMTP id l8mr12158748pgi.78.1547706300426; Wed, 16 Jan 2019 22:25:00 -0800 (PST) Received: from Leggiero.taipei.internal (61-220-137-37.HINET-IP.hinet.net. [61.220.137.37]) by smtp.gmail.com with ESMTPSA id x3sm741786pgt.45.2019.01.16.22.24.58 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 16 Jan 2019 22:24:59 -0800 (PST) From: Po-Hsu Lin To: kernel-team@lists.ubuntu.com Subject: [B/linux-kvm][SRU][PATCH 0/1] UBUNTU: [Config]: disable CONFIG_SECURITY_SELINUX_DISABLE Date: Thu, 17 Jan 2019 14:24:46 +0800 Message-Id: <20190117062447.20130-1-po-hsu.lin@canonical.com> X-Mailer: git-send-email 2.17.1 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" BugLink: https://bugs.launchpad.net/bugs/1812153 CONFIG_SECURITY_SELINUX_DISABLE is expected to be disabled. This option allows disabling selinux after boot and it will conflict with read-only LSM structures. Since Ubuntu is primarily using AppArmor for its LSM, it makes sense to drop this feature in favor of the protections offered by __ro_after_init markings on the LSM structures. (LP: #1680315) Disable it to match the requirement in the kernel-security test suite. Po-Hsu Lin (1): UBUNTU: [Config]: disable CONFIG_SECURITY_SELINUX_DISABLE debian.kvm/config/config.common.ubuntu | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)