[PATCH v2 5/6] lockdown: Make the relationship to MODULE_SIG a dependency

Thomas Weißschuh Mon, 20 Jan 2025 09:45:58 -0800

The new hash-based module integrity checking will also be able to
satisfy the requirements of lockdown.
Such an alternative is not representable with "select", so use
"depends on" instead.


Signed-off-by: Thomas Weißschuh <li...@weissschuh.net>
---
 security/lockdown/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/lockdown/Kconfig b/security/lockdown/Kconfig
index 
e84ddf48401010bcc0829a32db58e6f12bfdedcb..155959205b8eac2c85897a8c4c8b7ec471156706
 100644
--- a/security/lockdown/Kconfig
+++ b/security/lockdown/Kconfig
@@ -1,7 +1,7 @@
 config SECURITY_LOCKDOWN_LSM
        bool "Basic module for enforcing kernel lockdown"
        depends on SECURITY
-       select MODULE_SIG if MODULES
+       depends on !MODULES || MODULE_SIG
        help
          Build support for an LSM that enforces a coarse kernel lockdown
          behaviour.

-- 
2.48.1

[PATCH v2 5/6] lockdown: Make the relationship to MODULE_SIG a dependency

Reply via email to