security: Remove integrity from the LSM list in Kconfig

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Remove 'integrity' from the list of LSMs in Kconfig, as it is no longer
necessary. Since the recent change (set order to LSM_ORDER_LAST), the
'integrity' LSM is always enabled (if selected in the kernel
configuration).

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Acked-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

authored by

Roberto Sassu and committed by

Paul Moore 3 years ago b9b8701b b7c1ae4b

+9 -7

1 changed file

expand all

security

Kconfig

+9 -7

security/Kconfig

··· 246 246 247 247 config LSM 248 248 string "Ordered list of enabled LSMs" 249 - default "landlock,lockdown,yama,loadpin,safesetid,integrity,smack,selinux,tomoyo,apparmor,bpf" if DEFAULT_SECURITY_SMACK 250 - default "landlock,lockdown,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo,bpf" if DEFAULT_SECURITY_APPARMOR 251 - default "landlock,lockdown,yama,loadpin,safesetid,integrity,tomoyo,bpf" if DEFAULT_SECURITY_TOMOYO 252 - default "landlock,lockdown,yama,loadpin,safesetid,integrity,bpf" if DEFAULT_SECURITY_DAC 253 - default "landlock,lockdown,yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor,bpf" 249 + default "landlock,lockdown,yama,loadpin,safesetid,smack,selinux,tomoyo,apparmor,bpf" if DEFAULT_SECURITY_SMACK 250 + default "landlock,lockdown,yama,loadpin,safesetid,apparmor,selinux,smack,tomoyo,bpf" if DEFAULT_SECURITY_APPARMOR 251 + default "landlock,lockdown,yama,loadpin,safesetid,tomoyo,bpf" if DEFAULT_SECURITY_TOMOYO 252 + default "landlock,lockdown,yama,loadpin,safesetid,bpf" if DEFAULT_SECURITY_DAC 253 + default "landlock,lockdown,yama,loadpin,safesetid,selinux,smack,tomoyo,apparmor,bpf" 254 254 help 255 255 A comma-separated list of LSMs, in initialization order. 256 - Any LSMs left off this list will be ignored. This can be 257 - controlled at boot with the "lsm=" parameter. 256 + Any LSMs left off this list, except for those with order 257 + LSM_ORDER_FIRST and LSM_ORDER_LAST, which are always enabled 258 + if selected in the kernel configuration, will be ignored. 259 + This can be controlled at boot with the "lsm=" parameter. 258 260 259 261 If unsure, leave this as the default. 260 262