Check SECURITY_SELINUX_DEVELOP (recommended by Clip OS)
authorAlexander Popov <alex.popov@linux.com>
Sun, 9 Oct 2022 18:31:25 +0000 (21:31 +0300)
committerAlexander Popov <alex.popov@linux.com>
Sun, 9 Oct 2022 18:31:25 +0000 (21:31 +0300)
Clip OS description: it "will eventually be n".

kconfig_hardened_check/__init__.py

index 9dcc9d82f7340cdd79af7ec60bd9acf040338754..98a3493b9e2d6394e5b8f179cbcf2d8a7d4e0306 100644 (file)
@@ -535,6 +535,7 @@ def add_kconfig_checks(l, arch):
     l += [KconfigCheck('security_policy', 'kspp', 'SECURITY_LANDLOCK', 'y')]
     l += [KconfigCheck('security_policy', 'kspp', 'SECURITY_SELINUX_DISABLE', 'is not set')]
     l += [KconfigCheck('security_policy', 'clipos', 'SECURITY_SELINUX_BOOTPARAM', 'is not set')]
+    l += [KconfigCheck('security_policy', 'clipos', 'SECURITY_SELINUX_DEVELOP', 'is not set')]
     l += [KconfigCheck('security_policy', 'clipos', 'SECURITY_LOCKDOWN_LSM', 'y')]
     l += [KconfigCheck('security_policy', 'clipos', 'SECURITY_LOCKDOWN_LSM_EARLY', 'y')]
     l += [KconfigCheck('security_policy', 'clipos', 'LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY', 'y')]