Commit d00c2359 authored by Siddharth Menon's avatar Siddharth Menon Committed by John Johansen
Browse files

Docs: Update LSM/apparmor.rst 



After the deprecation of CONFIG_DEFAULT_SECURITY, it is no longer used
to enable and configure AppArmor. Since kernel 5.0,
`CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE` is not used either.
Instead, the CONFIG_LSM parameter manages the order and selection of LSMs.

Signed-off-by: default avatarSiddharth Menon <simeddon@gmail.com>
Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
parent 74a96bbe

Documentation/admin-guide/LSM/apparmor.rst

+5 −2
Original line number Diff line number Diff line
@@ -18,8 +18,11 @@ set ``CONFIG_SECURITY_APPARMOR=y`` 


If AppArmor should be selected as the default security module then set::



   CONFIG_DEFAULT_SECURITY="apparmor"

   CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1

   CONFIG_DEFAULT_SECURITY_APPARMOR=y



The CONFIG_LSM parameter manages the order and selection of LSMs.

Specify apparmor as the first "major" module (e.g. AppArmor, SELinux, Smack)

in the list.



Build the kernel