From simeddon at gmail.com  Thu Aug  1 10:23:57 2024
From: simeddon at gmail.com (Siddharth Menon)
Date: Thu,  1 Aug 2024 15:53:57 +0530
Subject: [apparmor] [PATCH v2 1/1] Docs: Update LSM/apparmor.rst
Message-ID: <20240801102356.93591-1-simeddon@gmail.com>

Docs: Update LSM/apparmor.rst

After the deprecation of CONFIG_DEFAULT_SECURITY, it is no longer used
to enable and configuring AppArmor.
Since kernel 5.0, `CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE` is not
used either. Instead, the CONFIG_LSM parameter manages the order and
selection of LSMs.

Signed-off-by: Siddharth Menon <simeddon at gmail.com>
---
V1 -> V2: Removed historical information and addressed review comments
 
 Documentation/admin-guide/LSM/apparmor.rst | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/Documentation/admin-guide/LSM/apparmor.rst b/Documentation/admin-guide/LSM/apparmor.rst
index 6cf81bbd7ce8..47939ee89d74 100644
--- a/Documentation/admin-guide/LSM/apparmor.rst
+++ b/Documentation/admin-guide/LSM/apparmor.rst
@@ -18,8 +18,11 @@ set ``CONFIG_SECURITY_APPARMOR=y``
 
 If AppArmor should be selected as the default security module then set::
 
-   CONFIG_DEFAULT_SECURITY="apparmor"
-   CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
+   CONFIG_DEFAULT_SECURITY_APPARMOR=y
+
+The CONFIG_LSM parameter manages the order and selection of LSMs.
+Specify apparmor as the first "major" module (e.g. AppArmor, SELinux, Smack)
+in the list.
 
 Build the kernel
 
-- 
2.39.2