integrity: Disable IMA until it works properly with lockdown
Enabing CONFIG_IMA, CONFIG_MODULE_SIG and lockdown currently breaks module loading with finit_module().
This commit is contained in:
parent
ef9c7e11c5
commit
82596c5122
|
@ -58,6 +58,7 @@ linux (4.16-1~exp1) UNRELEASED; urgency=medium
|
||||||
changelog
|
changelog
|
||||||
* [x86,arm64] Enable code signing again
|
* [x86,arm64] Enable code signing again
|
||||||
* certs: Add certificate for test key used in Debian signing service
|
* certs: Add certificate for test key used in Debian signing service
|
||||||
|
* integrity: Disable IMA until it works properly with lockdown
|
||||||
|
|
||||||
-- Roger Shimizu <rogershimizu@gmail.com> Fri, 23 Mar 2018 21:10:34 +0900
|
-- Roger Shimizu <rogershimizu@gmail.com> Fri, 23 Mar 2018 21:10:34 +0900
|
||||||
|
|
||||||
|
|
|
@ -7135,7 +7135,8 @@ CONFIG_INTEGRITY_AUDIT=y
|
||||||
##
|
##
|
||||||
## file: security/integrity/ima/Kconfig
|
## file: security/integrity/ima/Kconfig
|
||||||
##
|
##
|
||||||
CONFIG_IMA=y
|
#. IMA + MODULE_SIG currently breaks module loading with finit_module()
|
||||||
|
# CONFIG_IMA is not set
|
||||||
## choice: Default integrity hash algorithm
|
## choice: Default integrity hash algorithm
|
||||||
# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
|
# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
|
||||||
CONFIG_IMA_DEFAULT_HASH_SHA256=y
|
CONFIG_IMA_DEFAULT_HASH_SHA256=y
|
||||||
|
|
Loading…
Reference in New Issue