From 38421a525942dacf9d6001d15745a06a7436132a Mon Sep 17 00:00:00 2001
From: wangchuanguo <wangchuanguo@inspur.com>
Date: Fri, 27 Oct 2023 17:07:54 +0800
Subject: [PATCH] anolis: config: enable bpf/lsm by default in config file for
 x86

ANBZ: #7058

bpf/lsm is not enabled by default that can confirm by "cat /sys/kernel/security/lsm".
so add bpf in CONFIG_LSM

Because the arm architecture currently does not support LSM, only x86 options are enabled

Signed-off-by: wangchuanguo <wangchuanguo@inspur.com>
---
 arch/x86/configs/anolis-debug_defconfig | 2 +-
 arch/x86/configs/anolis_defconfig       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/x86/configs/anolis-debug_defconfig b/arch/x86/configs/anolis-debug_defconfig
index 5ad2e73476a6..1d8ee91ac5c4 100644
--- a/arch/x86/configs/anolis-debug_defconfig
+++ b/arch/x86/configs/anolis-debug_defconfig
@@ -6362,7 +6362,7 @@ CONFIG_EVM_LOAD_X509=y
 CONFIG_EVM_X509_PATH="/etc/keys/x509_evm.der"
 CONFIG_DEFAULT_SECURITY_SELINUX=y
 # CONFIG_DEFAULT_SECURITY_DAC is not set
-CONFIG_LSM="integrity,selinux,smack,tomoyo,apparmor"
+CONFIG_LSM="integrity,selinux,smack,tomoyo,apparmor,bpf"
 
 #
 # Kernel hardening options
diff --git a/arch/x86/configs/anolis_defconfig b/arch/x86/configs/anolis_defconfig
index 2b876f8a1456..748fd904d46e 100644
--- a/arch/x86/configs/anolis_defconfig
+++ b/arch/x86/configs/anolis_defconfig
@@ -6357,7 +6357,7 @@ CONFIG_EVM_LOAD_X509=y
 CONFIG_EVM_X509_PATH="/etc/keys/x509_evm.der"
 CONFIG_DEFAULT_SECURITY_SELINUX=y
 # CONFIG_DEFAULT_SECURITY_DAC is not set
-CONFIG_LSM="integrity,selinux,smack,tomoyo,apparmor"
+CONFIG_LSM="integrity,selinux,smack,tomoyo,apparmor,bpf"
 
 #
 # Kernel hardening options
-- 
Gitee