Kernel: Enable YAMA support

See https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html for the upstream rationale. Enabling YAMA gives us the benefit of additional hardening options available, without any obvious downsides. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
2026-04-28 11:43:25 +02:00 · 2022-06-11 18:53:10 +00:00
parent db8639bbfa
commit 9b28e9d02b
4 changed files with 4 additions and 4 deletions
--- a/config/kernel/kernel.config.armv6l-ipfire
+++ b/config/kernel/kernel.config.armv6l-ipfire
@@ -7561,7 +7561,7 @@ CONFIG_HARDENED_USERCOPY_PAGESPAN=y
 # CONFIG_SECURITY_TOMOYO is not set
 # CONFIG_SECURITY_APPARMOR is not set
 # CONFIG_SECURITY_LOADPIN is not set
-# CONFIG_SECURITY_YAMA is not set
+CONFIG_SECURITY_YAMA=y
 # CONFIG_SECURITY_SAFESETID is not set
 CONFIG_SECURITY_LOCKDOWN_LSM=y
 CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y