summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorRoberto Sassu <roberto.sassu@huawei.com>2023-03-10 09:54:01 +0100
committerPaul Moore <paul@paul-moore.com>2023-03-10 18:34:33 -0500
commitb9b8701b43146f5ebd7fe13d89103cfc545cda34 (patch)
tree1716e4cb611ec11ca1b799bd0b6fd62c6350b31e /security
parentb7c1ae4bcc5b7e737b46d469959446afc76d3165 (diff)
security: Remove integrity from the LSM list in Kconfig
Remove 'integrity' from the list of LSMs in Kconfig, as it is no longer necessary. Since the recent change (set order to LSM_ORDER_LAST), the 'integrity' LSM is always enabled (if selected in the kernel configuration). Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Acked-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security')
-rw-r--r--security/Kconfig16
1 files changed, 9 insertions, 7 deletions
diff --git a/security/Kconfig b/security/Kconfig
index e6db09a779b7..1699dda68216 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -246,15 +246,17 @@ endchoice
config LSM
string "Ordered list of enabled LSMs"
- default "landlock,lockdown,yama,loadpin,safesetid,integrity,smack,selinux,tomoyo,apparmor,bpf" if DEFAULT_SECURITY_SMACK
- default "landlock,lockdown,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo,bpf" if DEFAULT_SECURITY_APPARMOR
- default "landlock,lockdown,yama,loadpin,safesetid,integrity,tomoyo,bpf" if DEFAULT_SECURITY_TOMOYO
- default "landlock,lockdown,yama,loadpin,safesetid,integrity,bpf" if DEFAULT_SECURITY_DAC
- default "landlock,lockdown,yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor,bpf"
+ default "landlock,lockdown,yama,loadpin,safesetid,smack,selinux,tomoyo,apparmor,bpf" if DEFAULT_SECURITY_SMACK
+ default "landlock,lockdown,yama,loadpin,safesetid,apparmor,selinux,smack,tomoyo,bpf" if DEFAULT_SECURITY_APPARMOR
+ default "landlock,lockdown,yama,loadpin,safesetid,tomoyo,bpf" if DEFAULT_SECURITY_TOMOYO
+ default "landlock,lockdown,yama,loadpin,safesetid,bpf" if DEFAULT_SECURITY_DAC
+ default "landlock,lockdown,yama,loadpin,safesetid,selinux,smack,tomoyo,apparmor,bpf"
help
A comma-separated list of LSMs, in initialization order.
- Any LSMs left off this list will be ignored. This can be
- controlled at boot with the "lsm=" parameter.
+ Any LSMs left off this list, except for those with order
+ LSM_ORDER_FIRST and LSM_ORDER_LAST, which are always enabled
+ if selected in the kernel configuration, will be ignored.
+ This can be controlled at boot with the "lsm=" parameter.
If unsure, leave this as the default.