sys-kernel: make lockdown available

This will not be enabled by default, and still requires the "lockdown"
kernel parameter. Users can test by setting in
`/usr/share/oem/grub.cfg`:
```
set linux_append="lockdown=integrity"
```

After this is set, in the dmesg output you'll see:
```
[    0.000000] Kernel is locked down from command line; see man
kernel_lockdown.7
```

Signed-off-by: Vincent Batts <vbatts@kinvolk.io>
Vincent Batts 2020-08-27 14:14:40 -04:00
parent ea32f00966
commit 342e858d66

@ -792,6 +792,8 @@ CONFIG_SCSI_SYM53C8XX_2=m
CONFIG_SCSI_VIRTIO=m
CONFIG_SCTP_COOKIE_HMAC_SHA1=y
CONFIG_SECURITY=y
CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_SELINUX=y
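
Review bot: The two lines added after CONFIG_SECURITY=y build the lockdown LSM in, but nothing in this hunk pins the default lockdown mode, so the commit message's "not enabled by default" depends on the Kconfig choice defaulting to CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE. If that symbol is not already set elsewhere in this file, consider adding `CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y` explicitly, so a later kernel bump or defconfig merge cannot silently switch the image to forced integrity or confidentiality mode. It would also help to note in the commit message that `lockdown=confidentiality` is accepted by the same parameter, since only `lockdown=integrity` is shown as tested.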