From ec90fff401f49e2b75d7ca213cfb0d3f23773b4b Mon Sep 17 00:00:00 2001
From: Alexandre Skrzyniarz
Date: Wed, 8 Nov 2023 16:28:38 +0100
Subject: [PATCH] fix kernel_config_security_writable_hooks rule

Those hooks shall be deactivated to prevent LSM deactivation at runtime. Hence, the kernel flag CONFIG_SECURITY_WRITABLE_HOOKS shall not be set. See ANSSI-BP-028 v2.0 guide. Fixes issue #11254
---
 .../kernel_config_security_writable_hooks/rule.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_security_writable_hooks/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_security_writable_hooks/rule.yml
index ab54c4ae25d7..4e5d022c80b1 100644
--- a/linux_os/guide/system/kernel_build_config/kernel_config_security_writable_hooks/rule.yml
+++ b/linux_os/guide/system/kernel_build_config/kernel_config_security_writable_hooks/rule.yml
@@ -33,5 +33,5 @@
 template:
 name: kernel_build_config
 vars:
 config: CONFIG_SECURITY_WRITABLE_HOOKS
- value: 'y'
+ value: 'n'
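Review bot: The new `value: 'n'` on the last line of the `template:` block is only correct if the `kernel_build_config` template treats 'n' as "option unset or absent". A disabled option normally appears in a kernel build config as `# CONFIG_SECURITY_WRITABLE_HOOKS is not set`, or is missing entirely, rather than as `=n`. The template is not part of this patch, so confirm that behaviour; if 'n' is matched literally, the check would fail on kernels that are in fact compliant. The title, description and OCIL text in lines 1–32 of rule.yml lie outside the hunk and presumably should also say the option must not be set. A short comment above the value would record the intent, for example `# 'n': option must be unset so LSM hooks stay read-only at runtime (ANSSI-BP-028 v2.0)`.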