integrity: Disable IMA until it works properly with lockdown

Enabing CONFIG_IMA, CONFIG_MODULE_SIG and lockdown currently breaks module loading with finit_module().
2018-04-08 14:42:15 +02:00 · 2018-04-08 14:42:15 +02:00 · 82596c5122
parent ef9c7e11c5
commit 82596c5122
2 changed files with 3 additions and 1 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -58,6 +58,7 @@ linux (4.16-1~exp1) UNRELEASED; urgency=medium
    changelog
  * [x86,arm64] Enable code signing again
  * certs: Add certificate for test key used in Debian signing service
+  * integrity: Disable IMA until it works properly with lockdown

 -- Roger Shimizu <rogershimizu@gmail.com>  Fri, 23 Mar 2018 21:10:34 +0900

--- a/debian/config/config
+++ b/debian/config/config
@ -7135,7 +7135,8 @@ CONFIG_INTEGRITY_AUDIT=y
 ##
 ## file: security/integrity/ima/Kconfig
 ##
-CONFIG_IMA=y
+#. IMA + MODULE_SIG currently breaks module loading with finit_module()
+# CONFIG_IMA is not set
 ## choice: Default integrity hash algorithm
 # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
 CONFIG_IMA_DEFAULT_HASH_SHA256=y