[PATCH 1/3] UBUNTU: [Config] loadpin shouldn't be in CONFIG_LSM

John Johansen john.johansen at canonical.com
Wed Sep 25 22:24:56 UTC 2019 

On 9/25/19 2:43 PM, Tyler Hicks wrote:
> BugLink: https://launchpad.net/bugs/1845383
> 
> CONFIG_SECURITY_LOADPIN is disabled so it doesn't make sense to include
> "loadpin" in CONFIG_LSM.
> 
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>

Acked-by: John Johansen <john.johnansen at canonical.com>

> ---
>  debian.master/config/annotations          | 2 +-
>  debian.master/config/config.common.ubuntu | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/debian.master/config/annotations b/debian.master/config/annotations
> index 3951b0e900d1..ff5c7c95f3dc 100644
> --- a/debian.master/config/annotations
> +++ b/debian.master/config/annotations
> @@ -12625,7 +12625,7 @@ CONFIG_LOCK_DOWN_KERNEL                         policy<{'amd64': 'y', 'arm64': '
>  CONFIG_LOCK_DOWN_KERNEL_FORCE                   policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 's390x': 'n'}>
>  CONFIG_ALLOW_LOCKDOWN_LIFT_BY_SYSRQ             policy<{'amd64': 'y', 'i386': 'y'}>
>  CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT             policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y'}>
> -CONFIG_LSM                                      policy<{'amd64': '"yama,loadpin,integrity,apparmor"', 'arm64': '"yama,loadpin,integrity,apparmor"', 'armhf': '"yama,loadpin,integrity,apparmor"', 'i386': '"yama,loadpin,integrity,apparmor"', 'ppc64el': '"yama,loadpin,integrity,apparmor"', 's390x': '"yama,loadpin,integrity,apparmor"'}>
> +CONFIG_LSM                                      policy<{'amd64': '"yama,integrity,apparmor"', 'arm64': '"yama,integrity,apparmor"', 'armhf': '"yama,integrity,apparmor"', 'i386': '"yama,integrity,apparmor"', 'ppc64el': '"yama,integrity,apparmor"', 's390x': '"yama,integrity,apparmor"'}>
>  #
>  CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT             mark<ENFORCED>
>  CONFIG_LOCK_DOWN_KERNEL                         mark<ENFORCED> flag<REVIEW>
> diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu
> index a8d8746194fe..3fe1950d0fff 100644
> --- a/debian.master/config/config.common.ubuntu
> +++ b/debian.master/config/config.common.ubuntu
> @@ -5201,7 +5201,7 @@ CONFIG_LPARCFG=y
>  # CONFIG_LP_CONSOLE is not set
>  CONFIG_LRU_CACHE=m
>  CONFIG_LSI_ET1011C_PHY=m
> -CONFIG_LSM="yama,loadpin,integrity,apparmor"
> +CONFIG_LSM="yama,integrity,apparmor"
>  CONFIG_LSM_MMAP_MIN_ADDR=0
>  CONFIG_LS_SCFG_MSI=y
>  CONFIG_LTC1660=m
>

More information about the kernel-team mailing list