config: disable SELinux
CONFIG_LSM is a new option which can be used to enable SELinux. Base Fedora config does that. When disabled at runtime only, SELinux-aware kernel will refuse setting securit.selinux xattr, breaking multiple tools, including initramfs generation (cp --preserve=xattr fails).
This commit is contained in:
parent
c68ee341b2
commit
98cd4d1c78
@ -86,6 +86,7 @@ CONFIG_SECURITY_YAMA=y
|
||||
|
||||
# CONFIG_DEFAULT_SECURITY_SELINUX is not set
|
||||
CONFIG_DEFAULT_SECURITY_DAC=y
|
||||
CONFIG_LSM="yama,loadpin,safesetid,integrity"
|
||||
|
||||
|
||||
################################################################################
|
||||
|
Loading…
Reference in New Issue
Block a user