kernel: Do not enforce "integrity" mode of LSM

author Peter Müller <peter.mueller@ipfire.org>

Thu, 21 Apr 2022 19:30:42 +0000 (19:30 +0000)

committer Peter Müller <peter.mueller@ipfire.org>

Thu, 21 Apr 2022 19:30:42 +0000 (19:30 +0000)
author Peter Müller <peter.mueller@ipfire.org>
Thu, 21 Apr 2022 19:30:42 +0000 (19:30 +0000)
committer Peter Müller <peter.mueller@ipfire.org>
Thu, 21 Apr 2022 19:30:42 +0000 (19:30 +0000)
diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire

index 8aea57e373ef9476e47feba6e33e54499a40d318..5b8538f69af7c6120c8ee18df5afc9a1dce76eee 100644 (file)
--- a/config/kernel/kernel.config.aarch64-ipfire
+++ b/config/kernel/kernel.config.aarch64-ipfire
@@ -7559,8 +7559,8 @@ CONFIG_FORTIFY_SOURCE=y
  # CONFIG_SECURITY_SAFESETID is not set
  CONFIG_SECURITY_LOCKDOWN_LSM=y
  CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
-# CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE is not set
-CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY=y
+CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
+# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
  # CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
  # CONFIG_SECURITY_LANDLOCK is not set
  CONFIG_INTEGRITY=y
diff --git a/config/kernel/kernel.config.armv6l-ipfire b/config/kernel/kernel.config.armv6l-ipfire

index 178c2ab6b4cf23aa1b8d197ce5b233f24ee09b0a..c10b117dae26159c8ba1d456e1398c422f457584 100644 (file)
--- a/config/kernel/kernel.config.armv6l-ipfire
+++ b/config/kernel/kernel.config.armv6l-ipfire
@@ -7565,8 +7565,8 @@ CONFIG_HARDENED_USERCOPY_PAGESPAN=y
  # CONFIG_SECURITY_SAFESETID is not set
  CONFIG_SECURITY_LOCKDOWN_LSM=y
  CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
-# CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE is not set
-CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY=y
+CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
+# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
  # CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
  # CONFIG_SECURITY_LANDLOCK is not set
  CONFIG_INTEGRITY=y
diff --git a/config/kernel/kernel.config.riscv64-ipfire b/config/kernel/kernel.config.riscv64-ipfire

index ec09eacdf8d3977ac0bdd7ef16ff6c2ccb2507f5..2d1fdbd285d0fcec77821a467ef593ffa35131a5 100644 (file)
--- a/config/kernel/kernel.config.riscv64-ipfire
+++ b/config/kernel/kernel.config.riscv64-ipfire
@@ -6197,8 +6197,8 @@ CONFIG_FORTIFY_SOURCE=y
  # CONFIG_SECURITY_SAFESETID is not set
  CONFIG_SECURITY_LOCKDOWN_LSM=y
  CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
-# CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE is not set
-CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY=y
+CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
+# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
  # CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
  # CONFIG_SECURITY_LANDLOCK is not set
  CONFIG_INTEGRITY=y
diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire

index 773845765e11a2ff7da512f9e3cf0709513d94ca..5549a1aa48b0024f61c4ad009ad40d4c0873694a 100644 (file)
--- a/config/kernel/kernel.config.x86_64-ipfire
+++ b/config/kernel/kernel.config.x86_64-ipfire
@@ -6975,8 +6975,8 @@ CONFIG_FORTIFY_SOURCE=y
  # CONFIG_SECURITY_SAFESETID is not set
  CONFIG_SECURITY_LOCKDOWN_LSM=y
  CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
-# CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE is not set
-CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY=y
+CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
+# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
  # CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
  # CONFIG_SECURITY_LANDLOCK is not set
  CONFIG_INTEGRITY=y
author	Peter Müller <peter.mueller@ipfire.org>
	Thu, 21 Apr 2022 19:30:42 +0000 (19:30 +0000)
committer	Peter Müller <peter.mueller@ipfire.org>
	Thu, 21 Apr 2022 19:30:42 +0000 (19:30 +0000)
config/kernel/kernel.config.aarch64-ipfire		patch \| blob \| blame \| history
config/kernel/kernel.config.armv6l-ipfire		patch \| blob \| blame \| history
config/kernel/kernel.config.riscv64-ipfire		patch \| blob \| blame \| history
config/kernel/kernel.config.x86_64-ipfire		patch \| blob \| blame \| history