On 10/2/24 02:49, Siddharth Menon wrote:
After the deprecation of CONFIG_DEFAULT_SECURITY, it is no longer used
to enable and configure AppArmor. Since kernel 5.0,
`CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE` is not used either.
Instead, the CONFIG_LSM parameter manages the order and selection of LSMs.
Signed-off-by: Siddharth Menon <simeddon@xxxxxxxxx>
Acked-by: John Johansen <john.johansen@xxxxxxxxxxxxx>
I have pulled this into my tree
---
V1 -> V2: Removed historical information and addressed review comments
Documentation/admin-guide/LSM/apparmor.rst | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/Documentation/admin-guide/LSM/apparmor.rst b/Documentation/admin-guide/LSM/apparmor.rst
index 6cf81bbd7ce8..47939ee89d74 100644
--- a/Documentation/admin-guide/LSM/apparmor.rst
+++ b/Documentation/admin-guide/LSM/apparmor.rst
@@ -18,8 +18,11 @@ set ``CONFIG_SECURITY_APPARMOR=y``
If AppArmor should be selected as the default security module then set::
- CONFIG_DEFAULT_SECURITY="apparmor"
- CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
+ CONFIG_DEFAULT_SECURITY_APPARMOR=y
+
+The CONFIG_LSM parameter manages the order and selection of LSMs.
+Specify apparmor as the first "major" module (e.g. AppArmor, SELinux, Smack)
+in the list.
Build the kernel
