[C/linux-kvm][D/linux-kvm][SRU][PATCH 0/1] UBUNTU: [Config]: disable CONFIG_SECURITY_SELINUX_DISABLE
Khaled Elmously
khalid.elmously at canonical.com
Fri Mar 8 03:22:29 UTC 2019
On 2019-03-07 15:07:04 , Po-Hsu Lin wrote:
> I forgot to check if C/D KVM need this as well when sending the patch
> for B.
>
> BugLink: https://bugs.launchpad.net/bugs/1812153
>
> CONFIG_SECURITY_SELINUX_DISABLE is expected to be disabled.
>
> This option allows disabling selinux after boot and it will conflict
> with read-only LSM structures. Since Ubuntu is primarily using AppArmor
> for its LSM, it makes sense to drop this feature in favor of the
> protections offered by __ro_after_init markings on the LSM structures.
> (LP: #1680315)
>
> Disable it to match the requirement in the kernel-security test suite.
>
> Po-Hsu Lin (1):
> UBUNTU: [Config]: disable CONFIG_SECURITY_SELINUX_DISABLE
>
> debian.kvm/config/config.common.ubuntu | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
Acked-by: Khalid Elmously <khalid.elmously at canonical.com>
More information about the kernel-team
mailing list