[PATCH v5 02/14] lockdown: Make the relationship to MODULE_SIG a dependency
Thomas Weißschuh
linux at weissschuh.net
Tue May 5 09:05:06 UTC 2026
The new hash-based module integrity checking will also be able to
satisfy the requirements of lockdown.
Such an alternative is not representable with "select", so use
"depends on" instead.
Acked-by: Paul Moore <paul at paul-moore.com>
Reviewed-by: Nicolas Schier <nsc at kernel.org>
Signed-off-by: Thomas Weißschuh <linux at weissschuh.net>
---
security/lockdown/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/lockdown/Kconfig b/security/lockdown/Kconfig
index e84ddf484010..155959205b8e 100644
--- a/security/lockdown/Kconfig
+++ b/security/lockdown/Kconfig
@@ -1,7 +1,7 @@
config SECURITY_LOCKDOWN_LSM
bool "Basic module for enforcing kernel lockdown"
depends on SECURITY
- select MODULE_SIG if MODULES
+ depends on !MODULES || MODULE_SIG
help
Build support for an LSM that enforces a coarse kernel lockdown
behaviour.
--
2.54.0
More information about the Linux-security-module-archive
mailing list