diff options
| -rwxr-xr-x | debian/bin/gencontrol.py | 2 | ||||
| -rw-r--r-- | debian/changelog | 2 | ||||
| -rw-r--r-- | debian/config/config | 3 |
3 files changed, 5 insertions, 2 deletions
diff --git a/debian/bin/gencontrol.py b/debian/bin/gencontrol.py index b62cb400c..0233b01f2 100755 --- a/debian/bin/gencontrol.py +++ b/debian/bin/gencontrol.py @@ -619,7 +619,7 @@ class Gencontrol(Base): makeflags['KCONFIG'] = ' '.join(kconfig) makeflags['KCONFIG_OPTIONS'] = '' if build_signed: - makeflags['KCONFIG_OPTIONS'] += ' -o MODULE_SIG=y' + makeflags['KCONFIG_OPTIONS'] += ' -o SECURITY_LOCKDOWN_LSM=y -o MODULE_SIG=y' # Add "salt" to fix #872263 makeflags['KCONFIG_OPTIONS'] += \ ' -o "BUILD_SALT=\\"%(abiname)s%(localversion)s\\""' % vars diff --git a/debian/changelog b/debian/changelog index 243bc2d85..7a3fa30e6 100644 --- a/debian/changelog +++ b/debian/changelog @@ -288,6 +288,8 @@ linux (5.18.8-1) UNRELEASED; urgency=medium * [rt] Update to 5.18-rt11: - Revert "softirq: Check preemption after reenabling interrupts" * Bump ABI to 3 + * Disable SECURITY_LOCKDOWN_LSM and MODULE_SIG where we don't sign code + (Closes: #825141) -- Ben Hutchings <benh@debian.org> Mon, 20 Jun 2022 12:48:13 +0200 diff --git a/debian/config/config b/debian/config/config index 789074230..ff21002cf 100644 --- a/debian/config/config +++ b/debian/config/config @@ -7776,7 +7776,8 @@ CONFIG_SECURITY_LANDLOCK=y ## ## file: security/lockdown/Kconfig ## -CONFIG_SECURITY_LOCKDOWN_LSM=y +#. This is overridden if the [build]signed-code setting is enabled +# CONFIG_SECURITY_LOCKDOWN_LSM is not set ## choice: Kernel default lockdown mode CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y ## end choice |