Package: src:linux
Followup-For: Bug #972459

Adding 2 patches: enabling CONFIG_IMA and also enabling CONFIG_EVM and CONFIG_EVM_ATTR_FSUUID. IMHO it does make sense to enable EVM as well. Not sure what exactly should be enabled from EVM.

Kind regards,
Petr
From 3b87a40738dd6a606ec6b177053b9a11ee8beda3 Mon Sep 17 00:00:00 2001 From: Petr Vorel <petr.vo...@gmail.com> Date: Sat, 7 Nov 2020 23:49:42 +0100 Subject: [PATCH 1/2] Reenable IMA again (Closes: #972459) Signed-off-by: Petr Vorel <petr.vo...@gmail.com> --- debian/changelog | 3 +++ debian/config/config | 3 +-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index f845cc785..f829f1b71 100644 --- a/debian/changelog +++ b/debian/changelog @@ -8,6 +8,9 @@ linux (5.9.1-2) UNRELEASED; urgency=medium [ John L. Villalovos ] * [arm64] NUMA: Kconfig: Increase NODES_SHIFT to 4 + [ Petr Vorel ] + * Reenable IMA again (Closes: #972459) + -- Uwe Kleine-König <uklei...@debian.org> Wed, 28 Oct 2020 10:47:22 +0100 linux (5.9.1-1) unstable; urgency=medium diff --git a/debian/config/config b/debian/config/config index ebd2d1715..eef971bf7 100644 --- a/debian/config/config +++ b/debian/config/config @@ -7603,8 +7603,7 @@ CONFIG_INTEGRITY_AUDIT=y ## ## file: security/integrity/ima/Kconfig ## -#. IMA + MODULE_SIG currently breaks module loading with finit_module() -# CONFIG_IMA is not set +CONFIG_IMA=y ## choice: Default integrity hash algorithm # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set CONFIG_IMA_DEFAULT_HASH_SHA256=y -- 2.28.0
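Review bot: in the debian/config/config hunk, the removed comment "IMA + MODULE_SIG currently breaks module loading with finit_module()" recorded why CONFIG_IMA was disabled, and neither the commit message nor the new changelog entry says that this breakage no longer applies. Please state in the commit message what changed since the option was turned off, so the reason for dropping the comment is on record next to CONFIG_IMA=y. In the debian/changelog hunk, "Reenable IMA again" is redundant; "Re-enable IMA (Closes: #972459)" says the same.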
>From fb87c684f4485ff4b953ab884fcc6cfe7d6a4e3b Mon Sep 17 00:00:00 2001 From: Petr Vorel <petr.vo...@gmail.com> Date: Sat, 7 Nov 2020 23:50:49 +0100 Subject: [PATCH 2/2] Enable EVM CONFIG_EVM=y CONFIG_EVM_ATTR_FSUUID=y Signed-off-by: Petr Vorel <petr.vo...@gmail.com> --- debian/config/config | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/debian/config/config b/debian/config/config index eef971bf7..c57fa97de 100644 --- a/debian/config/config +++ b/debian/config/config @@ -7598,7 +7598,9 @@ CONFIG_INTEGRITY_AUDIT=y ## ## file: security/integrity/evm/Kconfig ## -# CONFIG_EVM is not set +CONFIG_EVM=y +CONFIG_EVM_ATTR_FSUUID=y +# CONFIG_EVM_ADD_XATTRS is not set ## ## file: security/integrity/ima/Kconfig -- 2.28.0
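Review bot: the debian/config/config hunk adds "# CONFIG_EVM_ADD_XATTRS is not set", but the commit message lists only CONFIG_EVM=y and CONFIG_EVM_ATTR_FSUUID=y; please mention the third option and why it stays off. The diffstat touches only debian/config/config, so unlike patch 1/2 this change carries no debian/changelog entry; add one under the same [ Petr Vorel ] section. The message also gives no reason for enabling EVM or for choosing CONFIG_EVM_ATTR_FSUUID, and one line of rationale would make the selection reviewable.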