Public bug reported:

[Impact]

While inspecting our kernel configs, I noticed that "loadpin" is present
in the CONFIG_LSM string but CONFIG_SECURITY_LOADPIN is not enabled.
This is harmless but should be cleaned up.

[Test Case]

Ensure that /sys/kernel/security/lsm still contains
"capability,yama,apparmor" after rebooting into the new kernel:

$ cat /sys/kernel/security/lsm 
capability,yama,apparmor

Ensure that the current kernel's config does not specify "loadpin" in
the CONFIG_LSM value:

$ grep CONFIG_LSM= /boot/config-$(uname -r)
CONFIG_LSM="yama,integrity,apparmor"

[Regression Potential]

Low. This just limits the CONFIG_LSM value to only contain LSMs that are
being built.

** Affects: linux (Ubuntu)
     Importance: Low
     Assignee: Tyler Hicks (tyhicks)
         Status: In Progress

** Affects: linux (Ubuntu Disco)
     Importance: Low
     Assignee: Tyler Hicks (tyhicks)
         Status: Triaged

** Also affects: linux (Ubuntu Disco)
   Importance: Undecided
       Status: New

** Changed in: linux (Ubuntu Disco)
       Status: New => Triaged

** Changed in: linux (Ubuntu Disco)
   Importance: Undecided => Low

** Changed in: linux (Ubuntu Disco)
     Assignee: (unassigned) => Tyler Hicks (tyhicks)

https://bugs.launchpad.net/bugs/1845383

Title:
  CONFIG_LSM should not specify loadpin since it is not built

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Disco:
  Triaged
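
Added example, not part of the original report or of the Ubuntu kernel packaging: a POSIX shell check that generalizes the second test step by listing every CONFIG_LSM entry whose Kconfig symbol is not built. The function names, the sample config, and the "before" CONFIG_LSM value are constructed for illustration; the name-to-symbol mapping assumes mainline Kconfig naming.

```shell
#!/bin/sh
# Added example: find LSM names listed in CONFIG_LSM that are not built.

# Map an LSM name to the Kconfig symbol that builds it (mainline naming;
# the three special cases do not follow the CONFIG_SECURITY_<NAME> pattern).
lsm_symbol() {
    case "$1" in
        integrity) echo CONFIG_INTEGRITY ;;
        lockdown)  echo CONFIG_SECURITY_LOCKDOWN_LSM ;;
        bpf)       echo CONFIG_BPF_LSM ;;
        *) echo "CONFIG_SECURITY_$(echo "$1" | tr '[:lower:]' '[:upper:]')" ;;
    esac
}

# Print, space separated, each CONFIG_LSM entry in config file $1 whose
# symbol is not set to =y in that same file. Empty output means consistent.
unbuilt_lsms() {
    cfg=$1
    list=$(sed -n 's/^CONFIG_LSM="\(.*\)"$/\1/p' "$cfg")
    out=""
    for lsm in $(echo "$list" | tr ',' ' '); do
        sym=$(lsm_symbol "$lsm")
        grep -q "^${sym}=y\$" "$cfg" || out="${out:+$out }$lsm"
    done
    echo "$out"
}

# Constructed sample config fragment; $1 is the CONFIG_LSM value to embed.
sample_config() {
    cat <<EOF
CONFIG_SECURITY=y
CONFIG_SECURITY_YAMA=y
CONFIG_SECURITY_APPARMOR=y
CONFIG_INTEGRITY=y
# CONFIG_SECURITY_LOADPIN is not set
CONFIG_LSM="$1"
EOF
}

# Usage: sh check-lsm.sh "/boot/config-$(uname -r)"
if [ $# -gt 0 ]; then
    unbuilt_lsms "$1"
fi
```

Run against /boot/config-$(uname -r), empty output means every LSM named in CONFIG_LSM is also built.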
