Enable options for hid_bpf and landlock #10
Conversation
These options allow using udev_hid_bpf to trace input events to measure the input-to-display latency.
| ## | ||
| ## file: security/Kconfig | ||
| ## | ||
| CONFIG_LSM="landlock" |
There was a problem hiding this comment.
What's the reason you choose landlock here? It's an improvement over the previous config, but by default it's a whole list, but you only enable "landlock" here.
I assume there's a good reason for it, but please document that in the commit message.
FWIW: The Debian kernel config has CONFIG_DEFAULT_SECURITY_APPARMOR=y
There was a problem hiding this comment.
I've amended my commit. The other modules are not enabled yet and I haven't looked into their function yet, so I only enabled what I could readily test.
There was a problem hiding this comment.
FTR: I would be absolutely fine to gradually enable these security features one-by-one and see what their effects are. Just document it in git commit message(s).
|
Thanks for properly sorting the entries in |
Landlock is used by pacman to restrict filesystem access.
hrdl-github
force-pushed
the
pn_612_hidbpf_landlock
branch
from
89e37d8 to
d9d498e
Compare
|
Haha! So this is needed to run an arch VM on your PineNote running Debian? 😄 Anyway: |
Mentioning @diederikdehaas