fix kernel_config_security_writable_hooks rule

Those hooks shall be deactivated to prevent LSM deactivation at runtime. Hence, the kernel flag CONFIG_SECURITY_WRITABLE_HOOKS shall not be set. See ANSSI-BP-028 v2.0 guide. Fixes issue #11254
ComplianceAsCode · Nov 8, 2023 · ec90fff · ec90fff
1 parent da576cc
commit ec90fff
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_security_writable_hooks/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_security_writable_hooks/rule.yml
@@ -33,5 +33,5 @@ template:
     name: kernel_build_config
     vars:
         config: CONFIG_SECURITY_WRITABLE_HOOKS
-        value: 'y'
+        value: 'n'