The commit is pushed to "branch-rh7-3.10.0-693.11.1.vz7.39.x-ovz" and will
appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-693.11.1.vz7.39.9
------>
commit 167b9da2d5eb5b44b111464c880643fd102ad2e3
Author: Konstantin Khorenko <[email protected]>
Date: Wed Dec 27 13:41:48 2017 +0300
security: enable CONFIG_SECURITY along with CONFIG_VE
Various security hardening solutions work via LSM hooks
so they need CONFIG_SECURITY which was disabled long ago
because we had capabilities intersection with stock ones.
Now we use user namespaces => no capabilities intersection =>
no reason to disable CONFIG_SECURITY.
Note: it does not mean SELinux will work inside a Container,
but at least Host can be managed by that security solutions.
https://jira.sw.ru/browse/PSBM-69451
Signed-off-by: Konstantin Khorenko <[email protected]>
---
security/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/Kconfig b/security/Kconfig
index 4ba50f4bd742..3605d24112d7 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -20,7 +20,7 @@ config SECURITY_DMESG_RESTRICT
config SECURITY
bool "Enable different security models"
- depends on SYSFS && !VE
+ depends on SYSFS
help
This allows you to choose different security modules to be
configured into your kernel.
_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel
