[C/linux-kvm][D/linux-kvm][SRU][PATCH 0/1] UBUNTU: [Config]: disable CONFIG_SECURITY_SELINUX_DISABLE
Po-Hsu Lin
po-hsu.lin at canonical.com
Thu Mar 7 07:07:04 UTC 2019
I forgot to check if C/D KVM need this as well when sending the patch
for B.
BugLink: https://bugs.launchpad.net/bugs/1812153
CONFIG_SECURITY_SELINUX_DISABLE is expected to be disabled.
This option allows disabling selinux after boot and it will conflict
with read-only LSM structures. Since Ubuntu is primarily using AppArmor
for its LSM, it makes sense to drop this feature in favor of the
protections offered by __ro_after_init markings on the LSM structures.
(LP: #1680315)
Disable it to match the requirement in the kernel-security test suite.
Po-Hsu Lin (1):
UBUNTU: [Config]: disable CONFIG_SECURITY_SELINUX_DISABLE
debian.kvm/config/config.common.ubuntu | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--
2.7.4
More information about the kernel-team
mailing list