Don't recommend any particular LSM to avoid the holy war

diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py
index 562dd92ca0b7e760b31819a282e40b8024edf1ec..c2d35c17ea792b8a1dfd122cc1daa8eb145a67e9 100755 (executable)
--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -258,11 +258,10 @@ def construct_checklist(arch):
         checklist.append(OptCheck('STACKPROTECTOR_PER_TASK',      'y', 'my', 'self_protection'))
 
     if debug_mode or arch == 'X86_64' or arch == 'ARM64' or arch == 'X86_32':
-        checklist.append(OptCheck('SECURITY',                'y', 'defconfig', 'security_policy'))
+        checklist.append(OptCheck('SECURITY',                'y', 'defconfig', 'security_policy')) # and choose your favourite LSM
     if debug_mode or arch == 'ARM':
-        checklist.append(OptCheck('SECURITY',                'y', 'kspp', 'security_policy'))
+        checklist.append(OptCheck('SECURITY',                'y', 'kspp', 'security_policy')) # and choose your favourite LSM
     checklist.append(OptCheck('SECURITY_YAMA',               'y', 'kspp', 'security_policy'))
-    checklist.append(OptCheck('SECURITY_SELINUX_DISABLE',    'is not set', 'kspp', 'security_policy'))
 
     checklist.append(OptCheck('SECCOMP',              'y', 'defconfig', 'cut_attack_surface'))
     checklist.append(OptCheck('SECCOMP_FILTER',       'y', 'defconfig', 'cut_attack_surface'))