| Bug ID | 1198722 |
|---|---|
| Summary | initialize useful compiled in LSMs by default |
| Classification | openSUSE |
| Product | openSUSE Tumbleweed |
| Version | Current |
| Hardware | Other |
| OS | Other |
| Status | NEW |
| Severity | Normal |
| Priority | P5 - None |
| Component | Kernel |
| Assignee | kernel-bugs@opensuse.org |
| Reporter | dmueller@suse.com |
| QA Contact | qa-bugs@suse.de |
| Found By | --- |
| Blocker | --- |
Currently CONFIG_LSM is very minimal, not even listing the LSMs that we compile
into the kernel, which requires manual fixing on kernel boot cmdline using the
"lsm=" parameter.
we can enable these
* landlock: optional ability for user land applications to sandbox
themselves
* yama: optional restrict of use of ptrace for nonprivileged users
* bpf: create eBPF based LSMs dynamically
bpf was enabled earlier already, but reverted due to bsc#1197746