security: Add LSMs dependencies to CONFIG_LSM

Thanks to the previous commit, this gives the opportunity to users, when running make oldconfig, to update the list of enabled LSMs at boot time if an LSM has just been enabled or disabled in the build. Moreover, this list only makes sense if at least one LSM is enabled. Cc: Casey Schaufler <casey@schaufler-ca.com> Cc: James Morris <jmorris@namei.org> Cc: Masahiro Yamada <masahiroy@kernel.org> Cc: Serge E. Hallyn <serge@hallyn.com> Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com> Link: https://lore.kernel.org/r/20210215122513.1773897-4-mic@digikod.net
0day-ci · Feb 15, 2021 · 57f88038e4ac44e3de063cd5914d91cbb3eecf8f · 57f8803
1 parent 39b88f2
commit 57f88038e4ac44e3de063cd5914d91cbb3eecf8f
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/security/Kconfig b/security/Kconfig
@@ -277,6 +277,10 @@ endchoice
 
 config LSM
 	string "Ordered list of enabled LSMs"
+	depends on SECURITY_LOCKDOWN_LSM || SECURITY_YAMA || SECURITY_LOADPIN || \
+		SECURITY_SAFESETID || INTEGRITY || SECURITY_SELINUX || \
+		SECURITY_SMACK || SECURITY_TOMOYO || SECURITY_APPARMOR || \
+		BPF_LSM
 	default "lockdown,yama,loadpin,safesetid,integrity,smack,selinux,tomoyo,apparmor,bpf" if DEFAULT_SECURITY_SMACK
 	default "lockdown,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo,bpf" if DEFAULT_SECURITY_APPARMOR
 	default "lockdown,yama,loadpin,safesetid,integrity,tomoyo,bpf" if DEFAULT_SECURITY_TOMOYO