kernel: Enable Kernel Lockdown in Confidentiality Mode
authorMichael Tremer <michael.tremer@ipfire.org>
Wed, 14 Dec 2022 15:53:51 +0000 (15:53 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Thu, 15 Dec 2022 15:51:22 +0000 (15:51 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
kernel/config-generic
kernel/kernel.nm

index 2c6726eadb464313ab66a55a678975ed86d15938..5abff0c2389140ef993ffa7177519e67d8536793 100644 (file)
@@ -96,7 +96,7 @@ CONFIG_BPF_JIT_DEFAULT_ON=y
 CONFIG_BPF_UNPRIV_DEFAULT_OFF=y
 CONFIG_USERMODE_DRIVER=y
 # CONFIG_BPF_PRELOAD is not set
-# CONFIG_BPF_LSM is not set
+CONFIG_BPF_LSM=y
 # end of BPF subsystem
 
 CONFIG_PREEMPT_BUILD=y
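Review bot: `CONFIG_BPF_LSM=y` only builds the BPF LSM in; its hooks are registered at boot only when `bpf` appears in the `CONFIG_LSM` list or on an `lsm=` command line, and neither is visible in this hunk. Please confirm `bpf` is in `CONFIG_LSM`, otherwise the hooks are not expected to run and the option could stay off. The commit title mentions only lockdown, so a line in the description such as `Also enable BPF LSM (<reason>)` would record why this option changed. The confidentiality lockdown forced in the second hunk of this file refuses kernel-memory reads from BPF, which may restrict what LSM programs can do, so the two settings are worth testing together.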
@@ -6879,7 +6879,11 @@ CONFIG_FORTIFY_SOURCE=y
 # CONFIG_SECURITY_LOADPIN is not set
 CONFIG_SECURITY_YAMA=y
 # CONFIG_SECURITY_SAFESETID is not set
-# CONFIG_SECURITY_LOCKDOWN_LSM is not set
+CONFIG_SECURITY_LOCKDOWN_LSM=y
+CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
+# CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE is not set
+# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
+CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY=y
 CONFIG_SECURITY_LANDLOCK=y
 CONFIG_INTEGRITY=y
 CONFIG_INTEGRITY_SIGNATURE=y
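Review bot: `CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY=y` fixes the lockdown level at build time, so no `lockdown=` boot parameter or securityfs write can select a different one, and because this is config-generic it presumably applies to every architecture built from it. Lockdown refuses unsigned modules, so module signing (`CONFIG_MODULE_SIG` plus a signing key in the package build) has to be in place; it is not visible in this hunk and should be confirmed, since out-of-tree or unsigned modules will otherwise fail to load. It also refuses hibernation, `/dev/mem`, kprobes and kernel-memory reads through BPF, perf, tracefs and `/proc/kcore`, which removes common debugging and tracing paths on installed systems. A short note alongside the change would help the next maintainer, for example `Lockdown is forced to confidentiality: modules must be signed; hibernation, kprobes and kernel-memory reads via BPF/perf/tracefs are refused`.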
index d0713a251142a5f87671b6a2edc08b85e4f0710a..86d7ea046ef600d4c60a278d0124d640201262be 100644 (file)
@@ -5,7 +5,7 @@
 
 name       = kernel
 version    = 6.0.6
-release    = 0.35
+release    = 0.36
 thisapp    = linux-%{version}
 
 maintainer = Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>