diff options
| author |   Siddharth Menon <simeddon@gmail.com> | 2024-10-02 15:19:40 +0530 |
|---|---|---|
| committer |   John Johansen <john.johansen@canonical.com> | 2024-11-26 19:21:06 -0800 |
| commit | d00c2359fc1852258d8ce218cf2f509086da720c (patch) | |
| tree | 55fcbb1da37152d5650a36f8a1da2c6098053f99 | |
| parent | apparmor: audit_cap dedup based on subj_cred instead of profile (diff) | |
| download | wireguard-linux-d00c2359fc1852258d8ce218cf2f509086da720c.tar.xz wireguard-linux-d00c2359fc1852258d8ce218cf2f509086da720c.zip | |
Docs: Update LSM/apparmor.rst
After the deprecation of CONFIG_DEFAULT_SECURITY, it is no longer used
to enable and configure AppArmor. Since kernel 5.0,
`CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE` is not used either.
Instead, the CONFIG_LSM parameter manages the order and selection of LSMs.
Signed-off-by: Siddharth Menon <simeddon@gmail.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
| -rw-r--r-- | Documentation/admin-guide/LSM/apparmor.rst | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/Documentation/admin-guide/LSM/apparmor.rst b/Documentation/admin-guide/LSM/apparmor.rst index 6cf81bbd7ce8..47939ee89d74 100644 --- a/Documentation/admin-guide/LSM/apparmor.rst +++ b/Documentation/admin-guide/LSM/apparmor.rst @@ -18,8 +18,11 @@ set ``CONFIG_SECURITY_APPARMOR=y`` If AppArmor should be selected as the default security module then set:: - CONFIG_DEFAULT_SECURITY="apparmor" - CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1 + CONFIG_DEFAULT_SECURITY_APPARMOR=y + +The CONFIG_LSM parameter manages the order and selection of LSMs. +Specify apparmor as the first "major" module (e.g. AppArmor, SELinux, Smack) +in the list. Build the kernel |