kernel: add options needed for SELinux
This adds a number of options to config/Config-kernel.in so that packages related to SELinux support can enable the appropriate Linux kernel support. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> [rebase; add ext4, F2FS, UBIFS, and JFFS2 support; add commit message] Signed-off-by: W. Michael Petullo <mike@flyn.org>
This commit is contained in:
Thomas Petazzoni
committed by
Daniel Golle
Daniel Golle
parent
d3d40cd6a4
commit
168faef443
@@ -1081,6 +1081,9 @@ config KERNEL_SQUASHFS_FRAGMENT_CACHE_SIZE
|
||||
default 2 if (SMALL_FLASH && !LOW_MEMORY_FOOTPRINT)
|
||||
default 3
|
||||
|
||||
config KERNEL_SQUASHFS_XATTR
|
||||
bool "Squashfs XATTR support"
|
||||
|
||||
#
|
||||
# compile optimiziation setting
|
||||
#
|
||||
@@ -1102,3 +1105,55 @@ config KERNEL_CC_OPTIMIZE_FOR_SIZE
|
||||
your compiler resulting in a smaller kernel.
|
||||
|
||||
endchoice
|
||||
|
||||
config KERNEL_AUDIT
|
||||
bool "Auditing support"
|
||||
|
||||
config KERNEL_SECURITY
|
||||
bool "Enable different security models"
|
||||
|
||||
config KERNEL_SECURITY_NETWORK
|
||||
bool "Socket and Networking Security Hooks"
|
||||
select KERNEL_SECURITY
|
||||
|
||||
config KERNEL_SECURITY_SELINUX
|
||||
bool "NSA SELinux Support"
|
||||
select KERNEL_SECURITY_NETWORK
|
||||
select KERNEL_AUDIT
|
||||
|
||||
config KERNEL_SECURITY_SELINUX_BOOTPARAM
|
||||
bool "NSA SELinux boot parameter"
|
||||
depends on KERNEL_SECURITY_SELINUX
|
||||
|
||||
config KERNEL_SECURITY_SELINUX_DISABLE
|
||||
bool "NSA SELinux runtime disable"
|
||||
depends on KERNEL_SECURITY_SELINUX
|
||||
|
||||
config KERNEL_SECURITY_SELINUX_DEVELOP
|
||||
bool "NSA SELinux Development Support"
|
||||
depends on KERNEL_SECURITY_SELINUX
|
||||
|
||||
choice
|
||||
prompt "First legacy 'major LSM' to be initialized"
|
||||
depends on KERNEL_SECURITY_SELINUX
|
||||
default KERNEL_DEFAULT_SECURITY_SELINUX
|
||||
|
||||
config KERNEL_DEFAULT_SECURITY_SELINUX
|
||||
bool "SELinux"
|
||||
|
||||
config KERNEL_DEFAULT_SECURITY_DAC
|
||||
bool "Unix Discretionary Access Controls"
|
||||
|
||||
endchoice
|
||||
|
||||
config KERNEL_EXT4_FS_SECURITY
|
||||
bool "Ext4 Security Labels"
|
||||
|
||||
config KERNEL_F2FS_FS_SECURITY
|
||||
bool "F2FS Security Labels"
|
||||
|
||||
config KERNEL_UBIFS_FS_SECURITY
|
||||
bool "UBIFS Security Labels"
|
||||
|
||||
config KERNEL_JFFS2_FS_SECURITY
|
||||
bool "JFFS2 Security Labels"
|
||||
|
||||
@@ -1210,6 +1210,7 @@ CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
|
||||
# CONFIG_DEFAULT_RENO is not set
|
||||
CONFIG_DEFAULT_SECURITY=""
|
||||
CONFIG_DEFAULT_SECURITY_DAC=y
|
||||
# CONFIG_DEFAULT_SECURITY_SELINUX is not set
|
||||
CONFIG_DEFAULT_TCP_CONG="cubic"
|
||||
CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"
|
||||
# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set
|
||||
@@ -1526,6 +1527,7 @@ CONFIG_EXTRA_TARGETS=""
|
||||
# CONFIG_FAILOVER is not set
|
||||
# CONFIG_FAIR_GROUP_SCHED is not set
|
||||
# CONFIG_FANOTIFY is not set
|
||||
# CONFIG_FANOTIFY_ACCESS_PERMISSIONS is not set
|
||||
CONFIG_FAT_DEFAULT_CODEPAGE=437
|
||||
CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1"
|
||||
# CONFIG_FAT_DEFAULT_UTF8 is not set
|
||||
@@ -1671,6 +1673,24 @@ CONFIG_FLAT_NODE_MEM_MAP=y
|
||||
# CONFIG_FORCEDETH is not set
|
||||
CONFIG_FORCE_MAX_ZONEORDER=11
|
||||
CONFIG_FORTIFY_SOURCE=y
|
||||
# CONFIG_SECURITY_SELINUX_BOOTPARAM is not set
|
||||
# CONFIG_SECURITY_SELINUX_DISABLE is not set
|
||||
# CONFIG_SECURITY_SELINUX_DEVELOP is not set
|
||||
# CONFIG_SECURITY_SELINUX_AVC_STATS is not set
|
||||
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
|
||||
# CONFIG_SECURITY_SMACK is not set
|
||||
# CONFIG_SECURITY_TOMOYO is not set
|
||||
# CONFIG_SECURITY_APPARMOR is not set
|
||||
# CONFIG_SECURITY_LOADPIN is not set
|
||||
# CONFIG_SECURITY_YAMA is not set
|
||||
# CONFIG_SECURITY_SAFESETID is not set
|
||||
# CONFIG_SECURITY_LOCKDOWN_LSM is not set
|
||||
# CONFIG_INTEGRITY is not set
|
||||
# CONFIG_INTEGRITY_SIGNATURE is not set
|
||||
# CONFIG_INTEGRITY_AUDIT is not set
|
||||
# CONFIG_IMA is not set
|
||||
# CONFIG_EVM is not set
|
||||
# CONFIG_LSM is not set
|
||||
# CONFIG_FPGA is not set
|
||||
# CONFIG_FRAMEBUFFER_CONSOLE is not set
|
||||
# CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER is not set
|
||||
@@ -3366,6 +3386,7 @@ CONFIG_NETDEVICES=y
|
||||
# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
|
||||
# CONFIG_NETFILTER_XT_TARGET_TEE is not set
|
||||
# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
|
||||
# CONFIG_NETFILTER_XT_TARGET_SECMARK is not set
|
||||
# CONFIG_NETFILTER_XT_TARGET_TRACE is not set
|
||||
# CONFIG_NETLINK_DIAG is not set
|
||||
# CONFIG_NETLINK_MMAP is not set
|
||||
@@ -3373,6 +3394,7 @@ CONFIG_NETDEVICES=y
|
||||
# CONFIG_NETROM is not set
|
||||
CONFIG_NETWORK_FILESYSTEMS=y
|
||||
# CONFIG_NETWORK_PHY_TIMESTAMPING is not set
|
||||
# CONFIG_NETLABEL is not set
|
||||
# CONFIG_NETWORK_SECMARK is not set
|
||||
# CONFIG_NETXEN_NIC is not set
|
||||
# CONFIG_NET_9P is not set
|
||||
@@ -3647,6 +3669,7 @@ CONFIG_NFS_V3=y
|
||||
CONFIG_NF_CONNTRACK_PROCFS=y
|
||||
# CONFIG_NF_CONNTRACK_PROC_COMPAT is not set
|
||||
# CONFIG_NF_CONNTRACK_SANE is not set
|
||||
# CONFIG_NF_CONNTRACK_SECMARK is not set
|
||||
# CONFIG_NF_CONNTRACK_SIP is not set
|
||||
# CONFIG_NF_CONNTRACK_SNMP is not set
|
||||
# CONFIG_NF_CONNTRACK_TFTP is not set
|
||||
@@ -4569,6 +4592,8 @@ CONFIG_SCSI_PROC_FS=y
|
||||
CONFIG_SECTION_MISMATCH_WARN_ONLY=y
|
||||
# CONFIG_SECURITY is not set
|
||||
# CONFIG_SECURITYFS is not set
|
||||
# CONFIG_SECURITY_PATH is not set
|
||||
CONFIG_LSM_MMAP_MIN_ADDR=65536
|
||||
CONFIG_SECURITY_DMESG_RESTRICT=y
|
||||
CONFIG_SELECT_MEMORY_MODEL=y
|
||||
# CONFIG_SENSIRION_SGP30 is not set
|
||||
|
||||
Reference in New Issue
Block a user