NVIDIA: SAUCE: arch: arm64: enable AppArmor instead of SELinux

* Enable CONFIG_SECURITY_APPARMOR. * Replace selinux with apprmor in CONFIG_LSM. * Disable CONFIG_SECURITY_SELINUX. This change replaces SELinux with AppArmor as the main LSM/MAC mechanism. http://nvbugs/5071461 Signed-off-by: Mustafa Bilgen <mbilgen@nvidia.com> Reviewed-by: Deepak Nibade <dnibade@nvidia.com> Reviewed-by: Sumit Gupta <sumitg@nvidia.com> Reviewed-by: Ajay Nandakumar Mannargudi <anandakumarm@nvidia.com> Reviewed-by: Bibek Basu <bbasu@nvidia.com> Signed-off-by: Vishwaroop A <va@nvidia.com> Acked-by: Noah Wager <noah.wager@canonical.com> Acked-by: Jacob Martin <jacob.martin@canonical.com> Signed-off-by: Noah Wager <noah.wager@canonical.com>
2025-01-27 20:49:49 +00:00
parent 5f06f1ea2b
commit eb4d323dc6
2 changed files with 4 additions and 4 deletions
@@ -1696,13 +1696,13 @@ CONFIG_SECURITY=y
 CONFIG_SECURITY_NETWORK=y
 CONFIG_HARDENED_USERCOPY=y
 CONFIG_FORTIFY_SOURCE=y
-CONFIG_SECURITY_SELINUX=y
+CONFIG_SECURITY_APPARMOR=y
 CONFIG_SECURITY_YAMA=y
 CONFIG_INTEGRITY_SIGNATURE=y
 CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
 CONFIG_INTEGRITY_PLATFORM_KEYRING=y
 CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,integrity,selinux,bpf"
+CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,integrity,apparmor,bpf"
 CONFIG_CRYPTO_USER=y
 CONFIG_CRYPTO_TEST=m
 CONFIG_CRYPTO_ECHAINIV=y
@@ -542,8 +542,8 @@ CONFIG_SECURITY=y
 CONFIG_SECURITY_NETWORK=y
 CONFIG_HARDENED_USERCOPY=y
 CONFIG_FORTIFY_SOURCE=y
-CONFIG_SECURITY_SELINUX=y
-CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,integrity,selinux,bpf"
+CONFIG_SECURITY_APPARMOR=y
+CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,integrity,apparmor,bpf"
 CONFIG_CRYPTO_DES=m
 CONFIG_CRYPTO_SM4_GENERIC=m
 CONFIG_CRYPTO_XTS=m