From ffec3d1894ffd05966b50efa49ca19af76c9ea81 Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov <dvyukov@google.com>
Date: Fri, 1 Feb 2019 14:36:50 +0100
Subject: dashboard/config: add lsm= cmdline arg for stacked modules

It won't take effect right now as security= has precedence over lsm=.
But it won't harm too and later we will only need to remove security=.
Also it will work with this custom patch for syzbot:
https://groups.google.com/d/msg/syzkaller/BSgVCTSShRQ/E6lFuiDpFwAJ

Update #973
---
 dashboard/config/upstream-apparmor.cmdline | 1 +
 dashboard/config/upstream-selinux.cmdline  | 1 +
 dashboard/config/upstream-smack.cmdline    | 1 +
 3 files changed, 3 insertions(+)

diff --git a/dashboard/config/upstream-apparmor.cmdline b/dashboard/config/upstream-apparmor.cmdline
index 844820520..6ec599e99 100644
--- a/dashboard/config/upstream-apparmor.cmdline
+++ b/dashboard/config/upstream-apparmor.cmdline
@@ -1,4 +1,5 @@
 security=apparmor
+lsm=yama,safesetid,integrity,tomoyo,apparmor
 ima_policy=tcb
 workqueue.watchdog_thresh=140
 kvm-intel.nested=1
diff --git a/dashboard/config/upstream-selinux.cmdline b/dashboard/config/upstream-selinux.cmdline
index 23064ced7..c1c80f8dd 100644
--- a/dashboard/config/upstream-selinux.cmdline
+++ b/dashboard/config/upstream-selinux.cmdline
@@ -1,4 +1,5 @@
 security=selinux
+lsm=yama,safesetid,integrity,selinux,tomoyo
 ima_policy=tcb
 workqueue.watchdog_thresh=140
 kvm-intel.nested=1
diff --git a/dashboard/config/upstream-smack.cmdline b/dashboard/config/upstream-smack.cmdline
index e574a7201..b5b302e4c 100644
--- a/dashboard/config/upstream-smack.cmdline
+++ b/dashboard/config/upstream-smack.cmdline
@@ -1,4 +1,5 @@
 security=smack
+lsm=yama,safesetid,integrity,smack,tomoyo
 ima_policy=tcb
 workqueue.watchdog_thresh=140
 kvm-intel.nested=1
-- 
cgit mrf-deployment