[PATCH] security: CONFIG_LSM: LSM can depend on SECURITY
Randy Dunlap
rdunlap at infradead.org
Sun Aug 24 22:28:00 UTC 2025
When CONFIG_SECURITY is not set, CONFIG_LSM (builtin_lsm_order) does
not need to be visible and settable since builtin_lsm_order is defined in
security.o, which is only built when CONFIG_SECURITY=y.
So make CONFIG_LSM depend on CONFIG_SECURITY.
Fixes: 13e735c0e953 ("LSM: Introduce CONFIG_LSM")
Signed-off-by: Randy Dunlap <rdunlap at infradead.org>
---
Cc: Kees Cook <kees at kernel.org>
Cc: Paul Moore <paul at paul-moore.com>
Cc: James Morris <jmorris at namei.org>
Cc: "Serge E. Hallyn" <serge at hallyn.com>
Cc: linux-security-module at vger.kernel.org
security/Kconfig | 1 +
1 file changed, 1 insertion(+)
--- linux-next-20250819.orig/security/Kconfig
+++ linux-next-20250819/security/Kconfig
@@ -269,6 +269,7 @@ endchoice
config LSM
string "Ordered list of enabled LSMs"
+ depends on SECURITY
default "landlock,lockdown,yama,loadpin,safesetid,smack,selinux,tomoyo,apparmor,ipe,bpf" if DEFAULT_SECURITY_SMACK
default "landlock,lockdown,yama,loadpin,safesetid,apparmor,selinux,smack,tomoyo,ipe,bpf" if DEFAULT_SECURITY_APPARMOR
default "landlock,lockdown,yama,loadpin,safesetid,tomoyo,ipe,bpf" if DEFAULT_SECURITY_TOMOYO
More information about the Linux-security-module-archive
mailing list