[SRU][N:raspi][O:raspi][PATCH 1/1] UBUNTU: [Config] raspi: Enable landlock LSM by default
Juerg Haefliger
juerg.haefliger at canonical.com
Mon Oct 28 16:12:16 UTC 2024
BugLink: https://bugs.launchpad.net/bugs/2066885
The landlock LSM was introduced in 5.15 and forgotten to be enabled
for raspi. The only difference to the generic kernel should be the
(lack of the) lockdown LSM.
Signed-off-by: Juerg Haefliger <juerg.haefliger at canonical.com>
---
debian.raspi/config/annotations | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/debian.raspi/config/annotations b/debian.raspi/config/annotations
index f69c52956c3e..9e5dcdb57a3d 100644
--- a/debian.raspi/config/annotations
+++ b/debian.raspi/config/annotations
@@ -380,7 +380,7 @@ CONFIG_LOGO_LINUX_CLUT224 policy<{'arm64': 'y'}> note<'Req
CONFIG_LOGO_LINUX_MONO policy<{'arm64': 'n'}> note<'Required for Pi (not in master)'>
CONFIG_LOGO_LINUX_VGA16 policy<{'arm64': 'n'}> note<'Required for Pi (not in master)'>
CONFIG_LOG_BUF_SHIFT policy<{'arm64': '17'}> note<'Different from master'>
-CONFIG_LSM policy<{'arm64': '"yama,integrity,apparmor"'}> note<'Required for Pi (different from master)'>
+CONFIG_LSM policy<{'arm64': '"landlock,yama,integrity,apparmor"'}> note<'Required for Pi (different from master)'>
CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE policy<{'arm64': '0x1'}> note<'Required for Pi (different from master)'>
CONFIG_MAX5432 policy<{'arm64': 'n'}> note<'Different from master'>
CONFIG_MCTP policy<{'arm64': 'n'}> note<'Different from master'>
--
2.43.0
More information about the kernel-team
mailing list