From f707e47aa21148ac29d674fb8ca28c5754f89647 Mon Sep 17 00:00:00 2001
From: Alexander Popov <alex.popov@linux.com>
Date: Mon, 3 Jun 2019 20:03:58 +0300
Subject: [PATCH] Don't recommend any particular LSM to avoid the holy war

---
 kconfig-hardened-check.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py
index 562dd92..c2d35c1 100755
--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -258,11 +258,10 @@ def construct_checklist(arch):
         checklist.append(OptCheck('STACKPROTECTOR_PER_TASK',      'y', 'my', 'self_protection'))
 
     if debug_mode or arch == 'X86_64' or arch == 'ARM64' or arch == 'X86_32':
-        checklist.append(OptCheck('SECURITY',                'y', 'defconfig', 'security_policy'))
+        checklist.append(OptCheck('SECURITY',                'y', 'defconfig', 'security_policy')) # and choose your favourite LSM
     if debug_mode or arch == 'ARM':
-        checklist.append(OptCheck('SECURITY',                'y', 'kspp', 'security_policy'))
+        checklist.append(OptCheck('SECURITY',                'y', 'kspp', 'security_policy')) # and choose your favourite LSM
     checklist.append(OptCheck('SECURITY_YAMA',               'y', 'kspp', 'security_policy'))
-    checklist.append(OptCheck('SECURITY_SELINUX_DISABLE',    'is not set', 'kspp', 'security_policy'))
 
     checklist.append(OptCheck('SECCOMP',              'y', 'defconfig', 'cut_attack_surface'))
     checklist.append(OptCheck('SECCOMP_FILTER',       'y', 'defconfig', 'cut_attack_surface'))
-- 
2.31.1