Message ID | 20190925214354.1818-2-tyhicks@canonical.com |
---|---|
State | New |
Series | LSM changes for Eoan |
On 9/25/19 2:43 PM, Tyler Hicks wrote: > BugLink: https://launchpad.net/bugs/1845383 > > CONFIG_SECURITY_LOADPIN is disabled so it doesn't make sense to include > "loadpin" in CONFIG_LSM. > > Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: John Johansen <john.johnansen@canonical.com> > --- > debian.master/config/annotations | 2 +- > debian.master/config/config.common.ubuntu | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/debian.master/config/annotations b/debian.master/config/annotations > index 3951b0e900d1..ff5c7c95f3dc 100644 > --- a/debian.master/config/annotations > +++ b/debian.master/config/annotations > @@ -12625,7 +12625,7 @@ CONFIG_LOCK_DOWN_KERNEL policy<{'amd64': 'y', 'arm64': ' > CONFIG_LOCK_DOWN_KERNEL_FORCE policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 's390x': 'n'}> > CONFIG_ALLOW_LOCKDOWN_LIFT_BY_SYSRQ policy<{'amd64': 'y', 'i386': 'y'}> > CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y'}> > -CONFIG_LSM policy<{'amd64': '"yama,loadpin,integrity,apparmor"', 'arm64': '"yama,loadpin,integrity,apparmor"', 'armhf': '"yama,loadpin,integrity,apparmor"', 'i386': '"yama,loadpin,integrity,apparmor"', 'ppc64el': '"yama,loadpin,integrity,apparmor"', 's390x': '"yama,loadpin,integrity,apparmor"'}> > +CONFIG_LSM policy<{'amd64': '"yama,integrity,apparmor"', 'arm64': '"yama,integrity,apparmor"', 'armhf': '"yama,integrity,apparmor"', 'i386': '"yama,integrity,apparmor"', 'ppc64el': '"yama,integrity,apparmor"', 's390x': '"yama,integrity,apparmor"'}> > # > CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT mark<ENFORCED> > CONFIG_LOCK_DOWN_KERNEL mark<ENFORCED> flag<REVIEW> > diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu > index a8d8746194fe..3fe1950d0fff 100644 > --- a/debian.master/config/config.common.ubuntu > +++ b/debian.master/config/config.common.ubuntu 
> @@ -5201,7 +5201,7 @@ CONFIG_LPARCFG=y > # CONFIG_LP_CONSOLE is not set > CONFIG_LRU_CACHE=m > CONFIG_LSI_ET1011C_PHY=m > -CONFIG_LSM="yama,loadpin,integrity,apparmor" > +CONFIG_LSM="yama,integrity,apparmor" > CONFIG_LSM_MMAP_MIN_ADDR=0 > CONFIG_LS_SCFG_MSI=y > CONFIG_LTC1660=m >
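Review bot: in the debian.master/config/annotations hunk, the new CONFIG_LSM policy line has no mark<ENFORCED> in the visible lines, unlike the CONFIG_LOCK_DOWN_* entries in the trailing context, so nothing shown here keeps "loadpin" from being reintroduced or the six per-arch values from drifting apart on a later config update. Consider adding an enforcement mark for CONFIG_LSM with this change, and a policy entry for CONFIG_SECURITY_LOADPIN if one is not already present, since the commit message's justification depends on that option staying disabled.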
diff --git a/debian.master/config/annotations b/debian.master/config/annotations index 3951b0e900d1..ff5c7c95f3dc 100644 --- a/debian.master/config/annotations +++ b/debian.master/config/annotations @@ -12625,7 +12625,7 @@ CONFIG_LOCK_DOWN_KERNEL policy<{'amd64': 'y', 'arm64': ' CONFIG_LOCK_DOWN_KERNEL_FORCE policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 's390x': 'n'}> CONFIG_ALLOW_LOCKDOWN_LIFT_BY_SYSRQ policy<{'amd64': 'y', 'i386': 'y'}> CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y'}> -CONFIG_LSM policy<{'amd64': '"yama,loadpin,integrity,apparmor"', 'arm64': '"yama,loadpin,integrity,apparmor"', 'armhf': '"yama,loadpin,integrity,apparmor"', 'i386': '"yama,loadpin,integrity,apparmor"', 'ppc64el': '"yama,loadpin,integrity,apparmor"', 's390x': '"yama,loadpin,integrity,apparmor"'}> +CONFIG_LSM policy<{'amd64': '"yama,integrity,apparmor"', 'arm64': '"yama,integrity,apparmor"', 'armhf': '"yama,integrity,apparmor"', 'i386': '"yama,integrity,apparmor"', 'ppc64el': '"yama,integrity,apparmor"', 's390x': '"yama,integrity,apparmor"'}> # CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT mark<ENFORCED> CONFIG_LOCK_DOWN_KERNEL mark<ENFORCED> flag<REVIEW> diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu index a8d8746194fe..3fe1950d0fff 100644 --- a/debian.master/config/config.common.ubuntu +++ b/debian.master/config/config.common.ubuntu @@ -5201,7 +5201,7 @@ CONFIG_LPARCFG=y # CONFIG_LP_CONSOLE is not set CONFIG_LRU_CACHE=m CONFIG_LSI_ET1011C_PHY=m -CONFIG_LSM="yama,loadpin,integrity,apparmor" +CONFIG_LSM="yama,integrity,apparmor" CONFIG_LSM_MMAP_MIN_ADDR=0 CONFIG_LS_SCFG_MSI=y CONFIG_LTC1660=m
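Review bot: for the CONFIG_LSM line in the debian.master/config/config.common.ubuntu hunk, the commit message should state whether this is a functional change. CONFIG_LSM sets the initialisation order of the built-in LSMs, and a name whose LSM is not compiled in is skipped at boot, so with CONFIG_SECURITY_LOADPIN disabled this looks like cleanup only. Saying so also reminds whoever later enables CONFIG_SECURITY_LOADPIN that "loadpin" has to be added back to this string for the module to be initialised.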
BugLink: https://launchpad.net/bugs/1845383

CONFIG_SECURITY_LOADPIN is disabled so it doesn't make sense to include "loadpin" in CONFIG_LSM.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>

---
 debian.master/config/annotations          | 2 +-
 debian.master/config/config.common.ubuntu | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)