since it prevents boot with our current way of building ZFS modules in case a system is booted with secureboot enabled. Signed-off-by: Fabian Grünbichler <[email protected]>
@@ -73,6 +73,9 @@ PVE_CONFIG_OPTS= \
-d CONFIG_UNWINDER_ORC \
-d CONFIG_UNWINDER_GUESS \
-e CONFIG_UNWINDER_FRAME_POINTER \
+-d CONFIG_SECURITY_LOCKDOWN_LSM \
+-d CONFIG_SECURITY_LOCKDOWN_LSM_EARLY \
+--set-str CONFIG_LSM yama,integrity,apparmor \
-e CONFIG_PAGE_TABLE_ISOLATION
debian/control: $(wildcard debian/*.in)
Fabian Grünbichler