APPLIED: [D/linux-kvm][SRU][PATCH 1/1] UBUNTU: [Config]: disable CONFIG_SECURITY_SELINUX_DISABLE
Seth Forshee
seth.forshee at canonical.com
Wed Mar 27 15:41:29 UTC 2019
On Thu, Mar 07, 2019 at 03:07:06PM +0800, Po-Hsu Lin wrote:
> BugLink: https://bugs.launchpad.net/bugs/1812153
>
> CONFIG_SECURITY_SELINUX_DISABLE is expected to be disabled.
>
> This option allows disabling selinux after boot and it will conflict
> with read-only LSM structures. Since Ubuntu is primarily using AppArmor
> for its LSM, it makes sense to drop this feature in favor of the
> protections offered by __ro_after_init markings on the LSM structures.
> (LP: #1680315)
>
> Disable it to match the requirement in the kernel-security test suite.
>
> Signed-off-by: Po-Hsu Lin <po-hsu.lin at canonical.com>
Applied, thanks!
More information about the kernel-team
mailing list