From c18694fb9ddf6c2702db7fbe23b25677a7118d43 Mon Sep 17 00:00:00 2001
From: Mauricio Vasquez <mauricio@kinvolk.io>
Date: Mon, 15 Feb 2021 21:21:33 +0000
Subject: [PATCH] sys-kernel: enable kernel config CONFIG_BPF_LSM

Enable this option to make it possible to use LSM hooks with BPF.

Signed-off-by: Mauricio Vasquez <mauricio@kinvolk.io>
---
 .../sys-kernel/coreos-modules/files/commonconfig-5.10           | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-5.10 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-5.10
index 57811aef36..6c7ea0a9fc 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-5.10
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-5.10
@@ -51,6 +51,7 @@ CONFIG_BOOT_PRINTK_DELAY=y
 CONFIG_BPF_EVENTS=y
 CONFIG_BPF_JIT=y
 CONFIG_BPF_JIT_ALWAYS_ON=y
+CONFIG_BPF_LSM=y
 CONFIG_BPF_SYSCALL=y
 CONFIG_BRIDGE=m
 CONFIG_BRIDGE_EBT_802_3=m
@@ -409,6 +410,7 @@ CONFIG_LIBFCOE=m
 # CONFIG_LOCALVERSION_AUTO is not set
 CONFIG_LOG_BUF_SHIFT=18
 CONFIG_LOOPBACK_TARGET=m
+CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"
 CONFIG_LWTUNNEL=y
 CONFIG_MACVLAN=m
 CONFIG_MACVTAP=m