config: disable SELinux

CONFIG_LSM is a new option which can be used to enable SELinux. Base Fedora config does that. When disabled at runtime only, SELinux-aware kernel will refuse setting securit.selinux xattr, breaking multiple tools, including initramfs generation (cp --preserve=xattr fails).
5 years ago · 98cd4d1c78
parent c68ee341b2
commit 98cd4d1c78
1 changed files with 1 additions and 0 deletions
--- a/1
+++ b/1
@ -86,6 +86,7 @@ CONFIG_SECURITY_YAMA=y

 # CONFIG_DEFAULT_SECURITY_SELINUX is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
+CONFIG_LSM="yama,loadpin,safesetid,integrity"


 ################################################################################