Commit
ensure that kernel lockdown security is disabled per default to allow
third-party apps like wiringPi to work again
(this fixes #2721).
jens-maus committed Apr 21, 2024
1 parent c3718f5 commit 16850f7
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions buildroot-external/kernel/6.6/security.config
Expand Up @@ -60,8 +60,8 @@ CONFIG_SECURITY_LANDLOCK=y

# Enable "lockdown" LSM for bright line between the root user and kernel memory.
CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY=y
# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set

# Perform usercopy bounds checking. (And disable fallback to gain full whitelist enforcement.)
CONFIG_HARDENED_USERCOPY=y
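
Review bot: The comment above CONFIG_SECURITY_LOCKDOWN_LSM=y still reads 'Enable "lockdown" LSM for bright line between the root user and kernel memory', but with CONFIG_SECURITY_LOCKDOWN_LSM_EARLY and CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY both unset the build no longer enforces that boundary by default. Please update the comment to say that lockdown is compiled in but not forced, give the reason (#2721, third-party apps such as wiringPi), and state how a user who does not run such apps can turn lockdown back on, since this relaxes the default for every installation and not only for those that need it.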
Expand Down Expand Up @@ -158,4 +158,4 @@ CONFIG_DEFAULT_SECURITY_APPARMOR=y
# CONFIG_SECURITY_SELINUX is not set

# Enable LSM security modules
CONFIG_LSM="landlock,lockdown,yama,apparmor"
CONFIG_LSM="landlock,yama,apparmor"
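
Review bot: Dropping lockdown from CONFIG_LSM conflicts with the first hunk, which keeps CONFIG_SECURITY_LOCKDOWN_LSM=y. With CONFIG_SECURITY_LOCKDOWN_LSM_EARLY also unset, nothing in the default configuration initializes the module at boot, so it is built but stays inactive unless an lsm= list naming it is passed on the kernel command line. If the goal is only "disabled per default", leaving CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY unset should be sufficient and lockdown can stay in this list so it remains available as an opt-in; if the goal is to remove it entirely, drop CONFIG_SECURITY_LOCKDOWN_LSM=y as well. Either way, a short note next to the "Enable LSM security modules" comment explaining why lockdown is omitted would help the next person who audits this file.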
