package/libselinux: set the config_lsm kernel config option to selinux

Currently, the libselinux package sets the CONFIG_DEFAULT_SECURITY_SELINUX
kernel option. However, as of kernels >= 5.1, this option is superseded in
favor of the CONFIG_LSM option, a comma-separated list of LSMs the kernel
should initialize in order.

As the previous behavior of this package sets the kernel's default and only
LSM to initialize to SELinux, it is safe to set this string to just selinux.
If the user wants additional LSM's, they may do so with a custom kernel config.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

diff --git a/package/libselinux/libselinux.mk b/package/libselinux/libselinux.mk
index f7397141d5885700a7c3c01e4d8255f470f2965b..521dbaaba80ceac41dfb874c90921e015ccc9566 100644 (file)
--- a/package/libselinux/libselinux.mk
+++ b/package/libselinux/libselinux.mk
@@ -111,6 +111,7 @@ define LIBSELINUX_LINUX_CONFIG_FIXUPS
        $(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY)
        $(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY_NETWORK)
        $(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY_SELINUX)
+       $(call KCONFIG_SET_OPT,CONFIG_LSM,"selinux")
 endef
 
 $(eval $(generic-package))