[PATCH v2 5/6] lockdown: Make the relationship to MODULE_SIG a dependency

From: Thomas Weißschuh
Date: Mon Jan 20 2025 - 12:46:00 EST

Next message: Thomas Weißschuh: "[PATCH v2 1/6] kbuild: add stamp file for vmlinux BTF data"
Previous message: Steven Rostedt: "Re: [GIT PULL] tracing: Updates for v6.14"
In reply to: Thomas Weißschuh: "[PATCH v2 0/6] module: Introduce hash-based integrity checking"
Next in thread: Thomas Weißschuh: "[PATCH v2 1/6] kbuild: add stamp file for vmlinux BTF data"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The new hash-based module integrity checking will also be able to
satisfy the requirements of lockdown.
Such an alternative is not representable with "select", so use
"depends on" instead.

Signed-off-by: Thomas Weißschuh <linux@xxxxxxxxxxxxxx>
---
security/lockdown/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/lockdown/Kconfig b/security/lockdown/Kconfig
index e84ddf48401010bcc0829a32db58e6f12bfdedcb..155959205b8eac2c85897a8c4c8b7ec471156706 100644
--- a/security/lockdown/Kconfig
+++ b/security/lockdown/Kconfig
@@ -1,7 +1,7 @@
config SECURITY_LOCKDOWN_LSM
bool "Basic module for enforcing kernel lockdown"
depends on SECURITY
- select MODULE_SIG if MODULES
+ depends on !MODULES || MODULE_SIG
help
Build support for an LSM that enforces a coarse kernel lockdown
behaviour.

--
2.48.1

Next message: Thomas Weißschuh: "[PATCH v2 1/6] kbuild: add stamp file for vmlinux BTF data"
Previous message: Steven Rostedt: "Re: [GIT PULL] tracing: Updates for v6.14"
In reply to: Thomas Weißschuh: "[PATCH v2 0/6] module: Introduce hash-based integrity checking"
Next in thread: Thomas Weißschuh: "[PATCH v2 1/6] kbuild: add stamp file for vmlinux BTF data"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]