[arch-commits] Commit in linux/trunk (PKGBUILD config)
Jan Steffens
heftig at archlinux.org
Thu Feb 4 00:25:55 UTC 2021
Date: Thursday, February 4, 2021 @ 00:25:55
Author: heftig
Revision: 407195
Update security config
- Build in loadpin, but keep it disabled by default
- Enable bpf by default
Modified:
linux/trunk/PKGBUILD
linux/trunk/config
----------+
PKGBUILD | 2 +-
config | 5 +++--
2 files changed, 4 insertions(+), 3 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2021-02-03 23:41:29 UTC (rev 407194)
+++ PKGBUILD 2021-02-04 00:25:55 UTC (rev 407195)
@@ -25,7 +25,7 @@
'A2FF3A36AAA56654109064AB19802F8B0D70FC30' # Jan Alexander Steffens (heftig)
)
sha256sums=('SKIP'
- '362fe0e8677e6c2657f487df622734051f70176c10ce5614d52e3be83cde07b7')
+ 'cee02f5cca8e0d456dcb447d2537bed0abf311f7fef0dfe0ceed21997183b879')
export KBUILD_BUILD_HOST=archlinux
export KBUILD_BUILD_USER=$pkgbase
Modified: config
===================================================================
--- config 2021-02-03 23:41:29 UTC (rev 407194)
+++ config 2021-02-04 00:25:55 UTC (rev 407195)
@@ -9387,7 +9387,8 @@
CONFIG_SECURITY_APPARMOR_HASH=y
CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
# CONFIG_SECURITY_APPARMOR_DEBUG is not set
-# CONFIG_SECURITY_LOADPIN is not set
+CONFIG_SECURITY_LOADPIN=y
+CONFIG_SECURITY_LOADPIN_ENFORCE=y
CONFIG_SECURITY_YAMA=y
CONFIG_SECURITY_SAFESETID=y
CONFIG_SECURITY_LOCKDOWN_LSM=y
@@ -9402,7 +9403,7 @@
# CONFIG_DEFAULT_SECURITY_TOMOYO is not set
# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_LSM="lockdown,yama"
+CONFIG_LSM="lockdown,yama,bpf"
#
# Kernel hardening options
More information about the arch-commits
mailing list