[arch-commits] Commit in linux/trunk (PKGBUILD config)
Jan Steffens
heftig at archlinux.org
Wed Jun 16 22:13:34 UTC 2021
Date: Wednesday, June 16, 2021 @ 22:13:34
Author: heftig
Revision: 418371
FS#71270: Don't enable "bpf" LSM by default
It provides all possible hooks, which makes it harder to properly use
major LSMs. Using security= to enable a major LSM puts it at the end of
the list. Some functions (like security_getprocattr) only use the first
matching hook, thus prefer bpf.
Modified:
linux/trunk/PKGBUILD
linux/trunk/config
----------+
PKGBUILD | 2 +-
config | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2021-06-16 20:41:02 UTC (rev 418370)
+++ PKGBUILD 2021-06-16 22:13:34 UTC (rev 418371)
@@ -25,7 +25,7 @@
'A2FF3A36AAA56654109064AB19802F8B0D70FC30' # Jan Alexander Steffens (heftig)
)
sha256sums=('SKIP'
- '0d0691aa0f80fea0d9d204c05a845416dd443f3bb629cbb68e098e4d19cc841d')
+ '3179e545a24ca7ed4c53fdc60299262381b9b2c587fb66c82aece2133ef762a9')
export KBUILD_BUILD_HOST=archlinux
export KBUILD_BUILD_USER=$pkgbase
Modified: config
===================================================================
--- config 2021-06-16 20:41:02 UTC (rev 418370)
+++ config 2021-06-16 22:13:34 UTC (rev 418371)
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 5.12.8-arch1 Kernel Configuration
+# Linux/x86 5.12.10-arch1 Kernel Configuration
#
CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.1.0"
CONFIG_CC_IS_GCC=y
@@ -9689,7 +9689,7 @@
# CONFIG_DEFAULT_SECURITY_TOMOYO is not set
# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_LSM="lockdown,yama,bpf"
+CONFIG_LSM="lockdown,yama"
#
# Kernel hardening options
More information about the arch-commits
mailing list