[PATCH v2 5/6] lockdown: Make the relationship to MODULE_SIG a dependency

[PATCH v2 0/6] module: Introduce hash-based integrity checking · Thomas Weißschuh <linux@weissschuh.net> · 2025-01-20
[PATCH v2 5/6] lockdown: Make the relationship to MODULE_SIG a dependency · Thomas Weißschuh <linux@weissschuh.net> · 2025-01-20
[PATCH v2 3/6] module: Move integrity checks into dedicated function · Thomas Weißschuh <linux@weissschuh.net> · 2025-01-20
[PATCH v2 4/6] module: Move lockdown check into generic module loader · Thomas Weißschuh <linux@weissschuh.net> · 2025-01-20
[PATCH v2 1/6] kbuild: add stamp file for vmlinux BTF data · Thomas Weißschuh <linux@weissschuh.net> · 2025-01-20
[PATCH v2 2/6] module: Make module loading policy usable without MODULE_SIG · Thomas Weißschuh <linux@weissschuh.net> · 2025-01-20
[PATCH v2 6/6] module: Introduce hash-based integrity checking · Thomas Weißschuh <linux@weissschuh.net> · 2025-01-20
Re: [PATCH v2 6/6] module: Introduce hash-based integrity checking · kpcyrd <hidden> · 2025-01-22
Re: [PATCH v2 6/6] module: Introduce hash-based integrity checking · Thomas Weißschuh <linux@weissschuh.net> · 2025-03-06
Re: [PATCH v2 6/6] module: Introduce hash-based integrity checking · Petr Pavlu <petr.pavlu@suse.com> · 2025-02-03
Re: [PATCH v2 6/6] module: Introduce hash-based integrity checking · Thomas Weißschuh <linux@weissschuh.net> · 2025-02-04
Re: [PATCH v2 0/6] module: Introduce hash-based integrity checking · Roberto Sassu <hidden> · 2025-01-21
Re: [PATCH v2 0/6] module: Introduce hash-based integrity checking · Thomas Weißschuh <linux@weissschuh.net> · 2025-01-21
Re: [PATCH v2 0/6] module: Introduce hash-based integrity checking · Roberto Sassu <hidden> · 2025-01-21
Re: [PATCH v2 0/6] module: Introduce hash-based integrity checking · Câju Mihai-Drosi <hidden> · 2025-01-25
Re: [PATCH v2 0/6] module: Introduce hash-based integrity checking · Christian Heusel <christian@heusel.eu> · 2025-02-03
Re: [PATCH v2 0/6] module: Introduce hash-based integrity checking · Thomas Weißschuh <linux@weissschuh.net> · 2025-02-04

STALE452d

From: Thomas Weißschuh <linux@weissschuh.net>
Date: 2025-01-20 17:45:41
Also in: linux-arch, linux-doc, linux-kbuild, linux-modules, lkml
Subsystem: lockdown security module, security subsystem, the rest · Maintainers: Nicolas Bouchinet, Xiu Jianfeng, Paul Moore, James Morris, "Serge E. Hallyn", Linus Torvalds

The new hash-based module integrity checking will also be able to
satisfy the requirements of lockdown.
Such an alternative is not representable with "select", so use
"depends on" instead.

Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
---
 security/lockdown/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/lockdown/Kconfig b/security/lockdown/Kconfig
index e84ddf48401010bcc0829a32db58e6f12bfdedcb..155959205b8eac2c85897a8c4c8b7ec471156706 100644
--- a/security/lockdown/Kconfig
+++ b/security/lockdown/Kconfig

@@ -1,7 +1,7 @@
 config SECURITY_LOCKDOWN_LSM
 	bool "Basic module for enforcing kernel lockdown"
 	depends on SECURITY
-	select MODULE_SIG if MODULES
+	depends on !MODULES || MODULE_SIG
 	help
 	  Build support for an LSM that enforces a coarse kernel lockdown
 	  behaviour.

-- 
2.48.1

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help