APPLIED: [B/linux-kvm][SRU][PATCH 0/1] UBUNTU: [Config]: disable CONFIG_SECURITY_SELINUX_DISABLE
Khaled Elmously
khalid.elmously at canonical.com
Sun Jan 27 23:55:56 UTC 2019
On 2019-01-17 14:24:46 , Po-Hsu Lin wrote:
> BugLink: https://bugs.launchpad.net/bugs/1812153
>
> CONFIG_SECURITY_SELINUX_DISABLE is expected to be disabled.
>
> This option allows disabling selinux after boot and it will conflict
> with read-only LSM structures. Since Ubuntu is primarily using AppArmor
> for its LSM, it makes sense to drop this feature in favor of the
> protections offered by __ro_after_init markings on the LSM structures.
> (LP: #1680315)
>
> Disable it to match the requirement in the kernel-security test suite.
>
> Po-Hsu Lin (1):
> UBUNTU: [Config]: disable CONFIG_SECURITY_SELINUX_DISABLE
>
> debian.kvm/config/config.common.ubuntu | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> --
> 2.7.4
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list