From 6e6bf3652156da1fc8ff60d7c4de38952c4fcb95 Mon Sep 17 00:00:00 2001
From: bitcoffee <liuxin350@huawei.com>
Date: Mon, 29 Jan 2024 01:14:38 +0800
Subject: [PATCH] lsm: enable CONFIG_BPF_LSM for use bpf in lsm program

euler inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I8N9IB
CVE: NA

---------------------------------------

Enable CONFIG_BPF_LSM to support ebpf functionality is of
great significance in scenarios such as kernel security
reinforcement and container escape, kernel authorization,
and sensitive file tampering prevention, making it easy to
intercept sensitive/dangerous function operations.

Signed-off-by: bitcoffee <liuxin350@huawei.com>
---
 arch/arm64/configs/openeuler_defconfig | 2 +-
 arch/x86/configs/openeuler_defconfig   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/configs/openeuler_defconfig b/arch/arm64/configs/openeuler_defconfig
index 3dc61a666695..a052ed35cf03 100644
--- a/arch/arm64/configs/openeuler_defconfig
+++ b/arch/arm64/configs/openeuler_defconfig
@@ -87,7 +87,7 @@ CONFIG_BPF_JIT_ALWAYS_ON=y
 CONFIG_BPF_JIT_DEFAULT_ON=y
 # CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
 # CONFIG_BPF_PRELOAD is not set
-# CONFIG_BPF_LSM is not set
+CONFIG_BPF_LSM=y
 CONFIG_BPF_SCHED=y
 # end of BPF subsystem
 
diff --git a/arch/x86/configs/openeuler_defconfig b/arch/x86/configs/openeuler_defconfig
index 66c0fa6705b4..40321b624adc 100644
--- a/arch/x86/configs/openeuler_defconfig
+++ b/arch/x86/configs/openeuler_defconfig
@@ -105,7 +105,7 @@ CONFIG_BPF_JIT_ALWAYS_ON=y
 CONFIG_BPF_JIT_DEFAULT_ON=y
 # CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
 # CONFIG_BPF_PRELOAD is not set
-# CONFIG_BPF_LSM is not set
+CONFIG_BPF_LSM=y
 CONFIG_BPF_SCHED=y
 # end of BPF subsystem
 
-- 
Gitee