From 452221e8ad4f11c589e73112b41b02ca7d229494 Mon Sep 17 00:00:00 2001
From: Andrew Rynhard
Date: Fri, 24 Jan 2020 21:26:32 -0800
Subject: [PATCH] feat: build kernel lockdown LSM

This enables CONFIG_SECURITY_LOCKDOWN_LSM so that users can set a lockdown mode.

Signed-off-by: Andrew Rynhard
---
 kernel/config-amd64 | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/kernel/config-amd64 b/kernel/config-amd64
index 5f91bfdef..90db790ec 100644
--- a/kernel/config-amd64
+++ b/kernel/config-amd64
@@ -4574,7 +4574,11 @@ CONFIG_FORTIFY_SOURCE=y
 # CONFIG_SECURITY_LOADPIN is not set
 CONFIG_SECURITY_YAMA=y
 # CONFIG_SECURITY_SAFESETID is not set
-# CONFIG_SECURITY_LOCKDOWN_LSM is not set
+CONFIG_SECURITY_LOCKDOWN_LSM=y
+CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
+# CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE is not set
+# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
+# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
 CONFIG_INTEGRITY=y
 # CONFIG_INTEGRITY_SIGNATURE is not set
 CONFIG_INTEGRITY_AUDIT=y
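Review bot: All three `CONFIG_LOCK_DOWN_KERNEL_FORCE_*` entries are recorded as "is not set", but they are members of a single Kconfig choice, so one of them is always selected when the config is regenerated. The upstream default for that choice is the NONE member, so the committed file most likely does not match what the build actually uses. Recording it explicitly as `CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y` would keep the file consistent and make the resulting posture obvious to a reader. With that default the kernel boots with lockdown off, and nothing is restricted until a mode is chosen with the `lockdown=` boot parameter or by writing to the securityfs `lockdown` file. That matches the commit message's "users can set a lockdown mode", but it is worth stating in the description or platform docs so that nobody reads `CONFIG_SECURITY_LOCKDOWN_LSM=y` as meaning lockdown is enforced out of the box.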