From f6d3198e5d8d038f86342a094b8472a69b6df608 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
Date: Mon, 22 Jun 2020 10:06:47 +0200
Subject: [PATCH] fix #2814: config: disable lockdown
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

since it prevents boot with our current way of building ZFS modules in
case a system is booted with secureboot enabled.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 debian/rules | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/debian/rules b/debian/rules
index f531ac5..7c4f9f6 100755
--- a/debian/rules
+++ b/debian/rules
@@ -73,6 +73,9 @@ PVE_CONFIG_OPTS= \
 -d CONFIG_UNWINDER_ORC \
 -d CONFIG_UNWINDER_GUESS \
 -e CONFIG_UNWINDER_FRAME_POINTER \
+-d CONFIG_SECURITY_LOCKDOWN_LSM \
+-d CONFIG_SECURITY_LOCKDOWN_LSM_EARLY \
+--set-str CONFIG_LSM yama,integrity,apparmor \
 -e CONFIG_PAGE_TABLE_ISOLATION
 
 debian/control: $(wildcard debian/*.in)