From 552b59382834d87c1071890c460d84c9cac407ed Mon Sep 17 00:00:00 2001
From: Chevek <51275028+Chevek@users.noreply.github.com>
Date: Wed, 15 Nov 2023 21:58:49 +0100
Subject: [PATCH] In case of Fedora: modify kernel configuration to add
 SELinux. Fix #383 (#848)

---
 linux-tkg-config/prepare | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/linux-tkg-config/prepare b/linux-tkg-config/prepare
index a269103..bf453b7 100644
--- a/linux-tkg-config/prepare
+++ b/linux-tkg-config/prepare
@@ -1781,6 +1781,16 @@ CONFIG_DEBUG_INFO_BTF_MODULES=y\r
   msg2 "Setting config"
   make ${_config_updating} ${llvm_opt} |& tee -a "$_where"/logs/prepare.log.txt
 
+  # Modify the kernel config file to fit Fedora SELinux configuration
+  if [ "$_distro" = "Fedora" ] ; then
+    msg2 "SELinux activation for Fedora"
+    _enable "AUDIT"
+    _enable "SECURITY_SELINUX"
+    _enable "DEFAULT_SECURITY_SELINUX"
+    _disable "DEFAULT_SECURITY_DAC"
+    scripts/config --set-str "LSM" "lockdown,yama,integrity,selinux,bpf,landlock"
+  fi
+
   # menuconfig / nconfig
   if [ -z "$_menunconfig" ]; then
     plain ""