From: Mickaël Salaün <m...@linux.microsoft.com> Thanks to the previous commit, this gives the opportunity to users, when running make oldconfig, to update the list of enabled LSMs at boot time if an LSM has just been enabled or disabled in the build. Moreover, this list only makes sense if at least one LSM is enabled.
Cc: Casey Schaufler <ca...@schaufler-ca.com> Cc: James Morris <jmor...@namei.org> Cc: Masahiro Yamada <masahi...@kernel.org> Cc: Serge E. Hallyn <se...@hallyn.com> Signed-off-by: Mickaël Salaün <m...@linux.microsoft.com> Link: https://lore.kernel.org/r/20210215181511.2840674-4-...@digikod.net --- Changes since v1: * Add CONFIG_SECURITY as a dependency of CONFIG_LSM. This prevent an error when building without any LSMs. --- security/Kconfig | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/security/Kconfig b/security/Kconfig index 7561f6f99f1d..addcc1c04701 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -277,6 +277,10 @@ endchoice config LSM string "Ordered list of enabled LSMs" + depends on SECURITY || SECURITY_LOCKDOWN_LSM || SECURITY_YAMA || \ + SECURITY_LOADPIN || SECURITY_SAFESETID || INTEGRITY || \ + SECURITY_SELINUX || SECURITY_SMACK || SECURITY_TOMOYO || \ + SECURITY_APPARMOR || BPF_LSM default "lockdown,yama,loadpin,safesetid,integrity,smack,selinux,tomoyo,apparmor,bpf" if DEFAULT_SECURITY_SMACK default "lockdown,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo,bpf" if DEFAULT_SECURITY_APPARMOR default "lockdown,yama,loadpin,safesetid,integrity,tomoyo,bpf" if DEFAULT_SECURITY_TOMOYO -- 2.30.0
