From a438a94d3250847aacf48662ec52d811cd0f1e25 Mon Sep 17 00:00:00 2001
From: Atemu <atemu.main@gmail.com>
Date: Mon, 11 Jan 2021 07:02:30 +0100
Subject: [PATCH] linux: make SECURITY_LOCKDOWN_LSM optional

Not supported on kernels <5.4
---
 pkgs/os-specific/linux/kernel/common-config.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix
index c4ecf666fcd..e1b6da0216d 100644
--- a/pkgs/os-specific/linux/kernel/common-config.nix
+++ b/pkgs/os-specific/linux/kernel/common-config.nix
@@ -424,7 +424,7 @@ let
       MODULE_SIG            = no; # r13y, generates a random key during build and bakes it in
       # Depends on MODULE_SIG and only really helps when you sign your modules
       # and enforce signatures which we don't do by default.
-      SECURITY_LOCKDOWN_LSM = no;
+      SECURITY_LOCKDOWN_LSM = option no;
     } // optionalAttrs (!stdenv.hostPlatform.isAarch32) {
 
       # Detect buffer overflows on the stack