Disable IMA appraise (rhbz 1554474)

A recent change to the EFI lockdown patch forces IMA policy to be loaded when secureboot is used. Unfortunately, we don't have all the pieces in place to have all components fully signed. Disable appraisal for now until that gets fixed.
author: Laura Abbott <labbott@redhat.com> 2018-03-12 12:12:50 -0700
committer: Laura Abbott <labbott@redhat.com> 2018-03-12 12:12:50 -0700
commit: 4acc5bbea900934e5b4bc8835a62b5dcc5c57cab (patch)
tree: 5564c5f7373c109f37298ae914f59dbefa2d9c34 /kernel-ppc64.config
parent: 06a455a312a2ee8eada2805fe20d362366630b1c (diff)
download: kernel-4acc5bbea900934e5b4bc8835a62b5dcc5c57cab.tar.gz
kernel-4acc5bbea900934e5b4bc8835a62b5dcc5c57cab.tar.xz
kernel-4acc5bbea900934e5b4bc8835a62b5dcc5c57cab.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel-ppc64.config b/kernel-ppc64.config
index f211e4b89..e81bdb3a0 100644
--- a/kernel-ppc64.config
+++ b/kernel-ppc64.config
@@ -1942,7 +1942,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
 CONFIG_IIO_TRIGGER=y
 # CONFIG_IKCONFIG is not set
 CONFIG_IMA_APPRAISE_BOOTPARAM=y
-CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_APPRAISE is not set
 # CONFIG_IMA_BLACKLIST_KEYRING is not set
 # CONFIG_IMA is not set
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
author	Laura Abbott <labbott@redhat.com>	2018-03-12 12:12:50 -0700
committer	Laura Abbott <labbott@redhat.com>	2018-03-12 12:12:50 -0700
commit	4acc5bbea900934e5b4bc8835a62b5dcc5c57cab (patch)
tree	5564c5f7373c109f37298ae914f59dbefa2d9c34 /kernel-ppc64.config
parent	06a455a312a2ee8eada2805fe20d362366630b1c (diff)
download	kernel-4acc5bbea900934e5b4bc8835a62b5dcc5c57cab.tar.gz kernel-4acc5bbea900934e5b4bc8835a62b5dcc5c57cab.tar.xz kernel-4acc5bbea900934e5b4bc8835a62b5dcc5c57cab.zip