Public bug reported: In the v4.12 kernel, CONFIG_SECURITY_SELINUX_DISABLE (which allows disabling selinux after boot) will conflict with read-only LSM structures. Since Ubuntu is primarily using AppArmor for its LSM, and SELinux is disabled by default, it makes sense to drop this feature in favor of the protections offered by __ro_after_init markings on the LSM structures.
https://patchwork.kernel.org/patch/9571911/ ** Affects: linux (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1680315 Title: Disable CONFIG_SECURITY_SELINUX_DISABLE To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680315/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
