config: disable SELinux

CONFIG_LSM is a new option which can be used to enable SELinux. Base Fedora config does that. When disabled at runtime only, SELinux-aware kernel will refuse setting securit.selinux xattr, breaking multiple tools, including initramfs generation (cp --preserve=xattr fails).
QubesOS · May 15, 2019 · 98cd4d1 · 98cd4d1
1 parent c68ee34
commit 98cd4d1
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/config-qubes b/config-qubes
@@ -86,6 +86,7 @@ CONFIG_SECURITY_YAMA=y
 
 # CONFIG_DEFAULT_SECURITY_SELINUX is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
+CONFIG_LSM="yama,loadpin,safesetid,integrity"
 
 
 ################################################################################