Merge pull request #2158 from l0kod/landlock

Enable Landlock LSM in the kernel.
Jeremi Piotrowski 2024-07-30 10:14:48 +02:00 committed by GitHub
commit b67648f7da
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 3 additions and 1 deletions


@ -0,0 +1 @@
- The kernel security module Landlock is now enabled for programs to sandbox themselves ([flatcar/scripts#2158](https://github.com/flatcar/scripts/pull/2158))


@ -424,7 +424,7 @@ CONFIG_LIBFCOE=m
# CONFIG_LOCALVERSION_AUTO is not set
CONFIG_LOG_BUF_SHIFT=18
CONFIG_LOOPBACK_TARGET=m
CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"
CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"
CONFIG_LWTUNNEL=y
CONFIG_MACVLAN=m
CONFIG_MACVTAP=m
@ -821,6 +821,7 @@ CONFIG_SCSI_SYM53C8XX_2=m
CONFIG_SCSI_VIRTIO=m
CONFIG_SCTP_COOKIE_HMAC_SHA1=y
CONFIG_SECURITY=y
CONFIG_SECURITY_LANDLOCK=y
CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
CONFIG_SECURITY_NETWORK=y
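Review bot: The new `CONFIG_LSM` value in the first hunk only sets the default list of LSMs initialised at boot, and the changelog entry does not mention that a kernel command line carrying its own `lsm=` parameter replaces that list. On a machine booted that way Landlock stays inactive even though `CONFIG_SECURITY_LANDLOCK=y` is built in, and programs that try to sandbox themselves will find it unavailable. I would extend the changelog line with something like `(a custom lsm= kernel argument must also list landlock)` and note that the active set can be read from `/sys/kernel/security/lsm` after boot. Putting `landlock` first in the list matches the ordering of the upstream Kconfig default, so the position itself looks fine.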