diff options
author | Kees Cook <keescook@chromium.org> | 2018-09-15 01:26:37 +0300 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2019-01-09 00:18:43 +0300 |
commit | 70b62c25665f636c9f6c700b26af7df296b0887e (patch) | |
tree | 03986a41ef6ecdf30b444124c4ef525365cad3bc /security/Kconfig | |
parent | d8e9bbd4fa7f654bd877a312fc4104c6e5e5c6ca (diff) | |
download | linux-70b62c25665f636c9f6c700b26af7df296b0887e.tar.xz |
LoadPin: Initialize as ordered LSM
This converts LoadPin from being a direct "minor" LSM into an ordered LSM.
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security/Kconfig')
-rw-r--r-- | security/Kconfig | 39 |
1 files changed, 1 insertions, 38 deletions
diff --git a/security/Kconfig b/security/Kconfig index cedf69e8a22c..2cd737ba7660 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -239,46 +239,9 @@ source "security/yama/Kconfig" source "security/integrity/Kconfig" -choice - prompt "Default security module" - default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX - default DEFAULT_SECURITY_SMACK if SECURITY_SMACK - default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO - default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR - default DEFAULT_SECURITY_DAC - - help - Select the security module that will be used by default if the - kernel parameter security= is not specified. - - config DEFAULT_SECURITY_SELINUX - bool "SELinux" if SECURITY_SELINUX=y - - config DEFAULT_SECURITY_SMACK - bool "Simplified Mandatory Access Control" if SECURITY_SMACK=y - - config DEFAULT_SECURITY_TOMOYO - bool "TOMOYO" if SECURITY_TOMOYO=y - - config DEFAULT_SECURITY_APPARMOR - bool "AppArmor" if SECURITY_APPARMOR=y - - config DEFAULT_SECURITY_DAC - bool "Unix Discretionary Access Controls" - -endchoice - -config DEFAULT_SECURITY - string - default "selinux" if DEFAULT_SECURITY_SELINUX - default "smack" if DEFAULT_SECURITY_SMACK - default "tomoyo" if DEFAULT_SECURITY_TOMOYO - default "apparmor" if DEFAULT_SECURITY_APPARMOR - default "" if DEFAULT_SECURITY_DAC - config LSM string "Ordered list of enabled LSMs" - default "integrity" + default "loadpin,integrity,selinux,smack,tomoyo,apparmor" help A comma-separated list of LSMs, in initialization order. Any LSMs left off this list will be ignored. This can be |