Public bug reported: In the v4.12 kernel, CONFIG_SECURITY_SELINUX_DISABLE (which allows disabling selinux after boot) will conflict with read-only LSM structures. Since Ubuntu is primarily using AppArmor for its LSM, and SELinux is disabled by default, it makes sense to drop this feature in favor of the protections offered by __ro_after_init markings on the LSM structures.
https://patchwork.kernel.org/patch/9571911/ ** Affects: linux (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1680315 Title: Disable CONFIG_SECURITY_SELINUX_DISABLE Status in linux package in Ubuntu: New Bug description: In the v4.12 kernel, CONFIG_SECURITY_SELINUX_DISABLE (which allows disabling selinux after boot) will conflict with read-only LSM structures. Since Ubuntu is primarily using AppArmor for its LSM, and SELinux is disabled by default, it makes sense to drop this feature in favor of the protections offered by __ro_after_init markings on the LSM structures. https://patchwork.kernel.org/patch/9571911/ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680315/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
