Need to compile CONFIG_SECURITY_LANDLOCK=y into x86/64 but unable to get it passed through

darksky · October 5, 2024, 1:12pm

I need to modify the default config-6.6 for x86/64 to include

CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity,landlock"
CONFIG_SECURITY=y
CONFIG_SECURITY_LANDLOCK=y

I tried doing this in target/linux/generic/config-6.6 (removing the commented versions of these options) but when I build my image, the settings of CONFIG_SECURITY=y and CONFIG_SECURITY_LANDLOCK=y are getting dropped. I am assuming there is a conflicting setting that overrides them upon compilation? I also tried adding these to target/linux/x86/config-6.6 but that too did not work.

Is target/linux/generic/config-6.6 the right place to modify?
Any thoughts on what other setting is causing these to get ignored?

brada4 · October 5, 2024, 1:14pm

Use kernel_menuconfig

darksky · October 5, 2024, 5:58pm

As a test, I kept all options from make kernel_menuconfig CONFIG_TARGET=subtarget without editing. The kernel built but without an option I set. Namely, CONFIG_SECURITY=y

darksky · October 6, 2024, 12:08pm

Could it be that there is some patch or package that is overriding my kernel config and toggling CONFIG_SECURITY=y off or could it be there is some # CONFIG_FOO is not set entry that is overriding the setting?

EDIT: yep, see: https://github.com/openwrt/openwrt/issues/16614

system · October 16, 2024, 12:08pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.