Skip to content

Commit

Permalink
feat: build kernel lockdown LSM
Browse files Browse the repository at this point in the history 
This enables CONFIG_SECURITY_LOCKDOWN_LSM so that users can set a
lockdown mode.

Signed-off-by: Andrew Rynhard <[email protected]>
  • Loading branch information
@andrewrynhard
andrewrynhard committed Jan 28, 2020
1 parent 02a0356 commit 452221e
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion kernel/config-amd64
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4574,7 +4574,11 @@ CONFIG_FORTIFY_SOURCE=y
# CONFIG_SECURITY_LOADPIN is not set
CONFIG_SECURITY_YAMA=y
# CONFIG_SECURITY_SAFESETID is not set
# CONFIG_SECURITY_LOCKDOWN_LSM is not set
CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
# CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
CONFIG_INTEGRITY=y
# CONFIG_INTEGRITY_SIGNATURE is not set
CONFIG_INTEGRITY_AUDIT=y
Expand Down

0 comments on commit 452221e

Please sign in to comment.