dashboard/config/linux: enable Landlock

Add config fragments for Landlock LSM.

Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>

4 files changed, 4 insertions, 3 deletions

diff --git a/dashboard/config/linux/bits/apparmor.yml b/dashboard/config/linux/bits/apparmor.yml
index 4dda2b3aa..1349a9947 100644
--- a/dashboard/config/linux/bits/apparmor.yml
+++ b/dashboard/config/linux/bits/apparmor.yml
@@ -10,4 +10,4 @@ config:
  - SECURITY_APPARMOR_DEBUG
  - SECURITY_APPARMOR_DEBUG_ASSERTS
  - DEFAULT_SECURITY_APPARMOR
- - LSM: "lockdown,yama,safesetid,integrity,tomoyo,apparmor,bpf"
+ - LSM: "landlock,lockdown,yama,safesetid,integrity,tomoyo,apparmor,bpf"
diff --git a/dashboard/config/linux/bits/lsm.yml b/dashboard/config/linux/bits/lsm.yml
index 5c3ddd43c..7fbb72374 100644
--- a/dashboard/config/linux/bits/lsm.yml
+++ b/dashboard/config/linux/bits/lsm.yml
@@ -14,6 +14,7 @@ config:
  - SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING
  - SECURITY_YAMA
  - SECURITY_SAFESETID
+ - SECURITY_LANDLOCK: [linux-next]
  - SECURITY_LOCKDOWN_LSM
  - SECURITY_LOCKDOWN_LSM_EARLY
  - INTEGRITY
diff --git a/dashboard/config/linux/bits/selinux.yml b/dashboard/config/linux/bits/selinux.yml
index ed9039f44..9438fbb28 100644
--- a/dashboard/config/linux/bits/selinux.yml
+++ b/dashboard/config/linux/bits/selinux.yml
@@ -7,4 +7,4 @@ config:
  - SECURITY_SELINUX
  - SECURITY_SELINUX_DISABLE: n
  - DEFAULT_SECURITY_SELINUX
- - LSM: "lockdown,yama,safesetid,integrity,tomoyo,selinux,bpf"
+ - LSM: "landlock,lockdown,yama,safesetid,integrity,tomoyo,selinux,bpf"
diff --git a/dashboard/config/linux/bits/smack.yml b/dashboard/config/linux/bits/smack.yml
index b5ed1b382..ea463ce78 100644
--- a/dashboard/config/linux/bits/smack.yml
+++ b/dashboard/config/linux/bits/smack.yml
@@ -8,4 +8,4 @@ config:
  - SECURITY_SMACK_NETFILTER: [-baseline, -onlyusb]
  - EVM_EXTRA_SMACK_XATTRS
  - DEFAULT_SECURITY_SMACK
- - LSM: "lockdown,yama,safesetid,integrity,tomoyo,smack,bpf"
+ - LSM: "landlock,lockdown,yama,safesetid,integrity,tomoyo,smack,bpf"