]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/commit - config/kernel/kernel.config.x86_64-ipfire
projects / people / pmueller / ipfire-2.x.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5bd8fc1) | patch
kernel: Do not enforce "integrity" mode of LSM
authorPeter Müller <peter.mueller@ipfire.org>
Thu, 21 Apr 2022 19:30:42 +0000 (19:30 +0000)
committerPeter Müller <peter.mueller@ipfire.org>
Thu, 21 Apr 2022 19:30:42 +0000 (19:30 +0000)
commit250f6efc3868f97914c42e94361932d86bd910db
treee452b176756f3de4853a37eba6ad1c7dcdeb1a62tree | snapshot
parent5bd8fc1273ebda6bf999da593a23fe1acdb04c6bcommit | diff
kernel: Do not enforce "integrity" mode of LSM

LSM was found to render firmware flashing unusable, and patching out LSM
functionality for all features needed (such as /dev/io, direct memory
access and probably raw PCI access for older cards), this would
effectively render much of LSM's functionality useless as well.

For the time being, we do ship LSM, but do not enforce any protection
mode. Users hence can run it in "integrity" or even "confidentiality"
mode by custom commands; hopefully, we will be able to revert this
change at a future point.

Acked-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
config/kernel/kernel.config.aarch64-ipfire diff | blob | blame | history
config/kernel/kernel.config.armv6l-ipfire diff | blob | blame | history
config/kernel/kernel.config.riscv64-ipfire diff | blob | blame | history
config/kernel/kernel.config.x86_64-ipfire diff | blob | blame | history
Peter's tree of IPFire 2.x