From: Alexander Popov <alex.popov@linux.com>
Date: Mon, 3 Jun 2019 17:03:58 +0000 (+0300)
Subject: Don't recommend any particular LSM to avoid the holy war
X-Git-Tag: v0.5.2~22
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;ds=inline;h=f707e47aa21148ac29d674fb8ca28c5754f89647;p=kconfig-hardened-check.git

Don't recommend any particular LSM to avoid the holy war
---

diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py
index 562dd92..c2d35c1 100755
--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -258,11 +258,10 @@ def construct_checklist(arch):
         checklist.append(OptCheck('STACKPROTECTOR_PER_TASK',      'y', 'my', 'self_protection'))
 
     if debug_mode or arch == 'X86_64' or arch == 'ARM64' or arch == 'X86_32':
-        checklist.append(OptCheck('SECURITY',                'y', 'defconfig', 'security_policy'))
+        checklist.append(OptCheck('SECURITY',                'y', 'defconfig', 'security_policy')) # and choose your favourite LSM
     if debug_mode or arch == 'ARM':
-        checklist.append(OptCheck('SECURITY',                'y', 'kspp', 'security_policy'))
+        checklist.append(OptCheck('SECURITY',                'y', 'kspp', 'security_policy')) # and choose your favourite LSM
     checklist.append(OptCheck('SECURITY_YAMA',               'y', 'kspp', 'security_policy'))
-    checklist.append(OptCheck('SECURITY_SELINUX_DISABLE',    'is not set', 'kspp', 'security_policy'))
 
     checklist.append(OptCheck('SECCOMP',              'y', 'defconfig', 'cut_attack_surface'))
     checklist.append(OptCheck('SECCOMP_FILTER',       'y', 'defconfig', 'cut_attack_surface'))