[arch-commits] Commit in linux/trunk (PKGBUILD config)

Jan Steffens heftig at archlinux.org
Thu Feb 4 00:25:55 UTC 2021


    Date: Thursday, February 4, 2021 @ 00:25:55
  Author: heftig
Revision: 407195

Update security config

- Build in loadpin, but keep it disabled by default
- Enable bpf by default

Modified:
  linux/trunk/PKGBUILD
  linux/trunk/config

----------+
 PKGBUILD |    2 +-
 config   |    5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2021-02-03 23:41:29 UTC (rev 407194)
+++ PKGBUILD	2021-02-04 00:25:55 UTC (rev 407195)
@@ -25,7 +25,7 @@
   'A2FF3A36AAA56654109064AB19802F8B0D70FC30'  # Jan Alexander Steffens (heftig)
 )
 sha256sums=('SKIP'
-            '362fe0e8677e6c2657f487df622734051f70176c10ce5614d52e3be83cde07b7')
+            'cee02f5cca8e0d456dcb447d2537bed0abf311f7fef0dfe0ceed21997183b879')
 
 export KBUILD_BUILD_HOST=archlinux
 export KBUILD_BUILD_USER=$pkgbase

Modified: config
===================================================================
--- config	2021-02-03 23:41:29 UTC (rev 407194)
+++ config	2021-02-04 00:25:55 UTC (rev 407195)
@@ -9387,7 +9387,8 @@
 CONFIG_SECURITY_APPARMOR_HASH=y
 CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
 # CONFIG_SECURITY_APPARMOR_DEBUG is not set
-# CONFIG_SECURITY_LOADPIN is not set
+CONFIG_SECURITY_LOADPIN=y
+CONFIG_SECURITY_LOADPIN_ENFORCE=y
 CONFIG_SECURITY_YAMA=y
 CONFIG_SECURITY_SAFESETID=y
 CONFIG_SECURITY_LOCKDOWN_LSM=y
@@ -9402,7 +9403,7 @@
 # CONFIG_DEFAULT_SECURITY_TOMOYO is not set
 # CONFIG_DEFAULT_SECURITY_APPARMOR is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_LSM="lockdown,yama"
+CONFIG_LSM="lockdown,yama,bpf"
 
 #
 # Kernel hardening options


More information about the arch-commits mailing list