Enable AppArmor by default about linux-mainline-and-mali-generic-stable-kernel HOT 4 OPEN

@meden - help is always welcome :) ... i noticed this too while diffing the changes and it looks like its covered well already with the current settings (i.e. kconfig is clever enough) - this for instance is done with the new kernel config options:

from linux-mainline-and-mali-generic-stable-kernel.

@meden - thanks for the hint - i'll soon add the required options to the https://github.com/hexdump0815/kernel-config-options repo, so that future kernels (for the odroid u3 etc. maybe v6.0 and for sure v6.1 as that will be an lts kernel again) will have them enabled by default

the way i handle the kernel config options is maybe not perfect, but it works quite well in practice for me for keeping the kernel configs somewhat in sync between completely different kernel trees without magic configs or defconfigs where it is not really clear what was changed ... i usually do them once by hand via make menuconfig and look at the diff of the .config to also catch the dependencies - must have missed that for the usb serial and of course it will not work too well with new dependencies, but most dependencies are done well already in the kconfig settings of the kernel

from linux-mainline-and-mali-generic-stable-kernel.

done - hexdump0815/kernel-config-options@455a395 - so future kernels should have it :)

from linux-mainline-and-mali-generic-stable-kernel.

I guess the modifications made in hexdump0815/kernel-config-options@455a395 are enough.

Just to be on the safe side, please consider that (AFAIU) to automatically initialize AppArmor support, the value apparmor must by present also in CONFIG_LSM, e.g. like

CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,integrity,apparmor,bpf"
                                                               ^^^^^^^^

Considering the documentation of CONFIG_LSM, though, not setting the config option at all should result in a sensible default (e.g. the list of all compiled security modules). So in the end, it depends if you specify or not CONFIG_LSM in one of the configuration fragments.

Please, consider that I'm not a big expert of LSM, nor kernel config, so please consider this (and have patience) while reading my comments 😅. I'm just trying to help, eventually avoiding unnecessary iterations to get things working 🙂.

from linux-mainline-and-mali-generic-stable-kernel.