From 822e4df468e5b57c4e44be1b936bd9587905dc05 Mon Sep 17 00:00:00 2001
From: Justin Cormack <justin.cormack@docker.com>
Date: Sat, 3 Dec 2016 21:30:10 +0000
Subject: [PATCH] Add Yama LSM

Default config is restricted ptrace, processes can only ptrace
related processes, such as child processes, rather than any process
with the same uid.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
---
 alpine/kernel/kernel_config | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/alpine/kernel/kernel_config b/alpine/kernel/kernel_config
index c8ea9d651..d8cd8fc40 100644
--- a/alpine/kernel/kernel_config
+++ b/alpine/kernel/kernel_config
@@ -3331,7 +3331,7 @@ CONFIG_HARDENED_USERCOPY=y
 # CONFIG_SECURITY_TOMOYO is not set
 # CONFIG_SECURITY_APPARMOR is not set
 # CONFIG_SECURITY_LOADPIN is not set
-# CONFIG_SECURITY_YAMA is not set
+CONFIG_SECURITY_YAMA=y
 CONFIG_INTEGRITY=y
 # CONFIG_INTEGRITY_SIGNATURE is not set
 CONFIG_INTEGRITY_AUDIT=y