From 98cd4d1c7840a8793325c0bb1b491ca1839a3bee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Wed, 15 May 2019 21:58:09 +0200 Subject: [PATCH] config: disable SELinux CONFIG_LSM is a new option which can be used to enable SELinux. Base Fedora config does that. When disabled at runtime only, SELinux-aware kernel will refuse setting security.selinux xattr, breaking multiple tools, including initramfs generation (cp --preserve=xattr fails). --- config-qubes | 1 + 1 file changed, 1 insertion(+) diff --git a/config-qubes b/config-qubes index 8748339..44a7d88 100644 --- a/config-qubes +++ b/config-qubes @@ -86,6 +86,7 @@ CONFIG_SECURITY_YAMA=y # CONFIG_DEFAULT_SECURITY_SELINUX is not set CONFIG_DEFAULT_SECURITY_DAC=y +CONFIG_LSM="yama,loadpin,safesetid,integrity" ################################################################################
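Review bot: the added `CONFIG_LSM="yama,loadpin,safesetid,integrity"` line disables SELinux only by leaving `selinux` out of the list, and nothing in config-qubes records that the omission is deliberate. A one-line comment above it (for example, noting that selinux is intentionally absent because a runtime-only disable breaks `cp --preserve=xattr` during initramfs generation) would keep a later sync with the base Fedora config from silently adding it back. The list also names loadpin, safesetid and integrity, while the visible context in this hunk shows only `CONFIG_SECURITY_YAMA=y`; it is worth confirming that the matching options for the other three are set elsewhere in the file, so the list reflects what is actually built in.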