[OS-BUILD PATCH 1/2] configs: clean up LSM configs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

From: Ondrej Mosnacek <omosnace@xxxxxxxxxx>

configs: clean up LSM configs

1. Move CONFIG_SECURITY_LOCKDOWN_LSM from pending-common/ to ark/ -
   there is no incentive to enable it in ELN/RHEL at the moment.
2. Remove ark/generic/CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE - this
   config has been removed upstream.
3. Deduplicate default value of CONFIG_LSM_MMAP_MIN_ADDR - set it to
   65536 under common/ and only override it in
   fedora/generic/arm/armv7/.
4. Trim LSMs that are not build-enabled from CONFIG_LSM on Fedora -
   and since it then becomes the same as the ARK setting, unify it under
   common/.

Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>

diff a/redhat/configs/pending-common/generic/CONFIG_SECURITY_LOCKDOWN_LSM b/redhat/configs/ark/generic/CONFIG_SECURITY_LOCKDOWN_LSM
--- a/redhat/configs/pending-common/generic/CONFIG_SECURITY_LOCKDOWN_LSM
+++ b/redhat/configs/ark/generic/CONFIG_SECURITY_LOCKDOWN_LSM
diff a/redhat/configs/ark/generic/CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE b/redhat/configs/ark/generic/CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE
--- a/redhat/configs/ark/generic/CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE
+++ /dev/null
@@ -1 +0,0 @@
-CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
diff a/redhat/configs/ark/generic/CONFIG_LSM b/redhat/configs/common/generic/CONFIG_LSM
--- a/redhat/configs/ark/generic/CONFIG_LSM
+++ b/redhat/configs/common/generic/CONFIG_LSM
diff a/redhat/configs/ark/generic/CONFIG_LSM_MMAP_MIN_ADDR b/redhat/configs/common/generic/CONFIG_LSM_MMAP_MIN_ADDR
--- a/redhat/configs/ark/generic/CONFIG_LSM_MMAP_MIN_ADDR
+++ b/redhat/configs/common/generic/CONFIG_LSM_MMAP_MIN_ADDR
diff a/redhat/configs/fedora/generic/CONFIG_LSM b/redhat/configs/fedora/generic/CONFIG_LSM
--- a/redhat/configs/fedora/generic/CONFIG_LSM
+++ /dev/null
@@ -1 +0,0 @@
-CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"
diff a/redhat/configs/fedora/generic/CONFIG_LSM_MMAP_MIN_ADDR b/redhat/configs/fedora/generic/CONFIG_LSM_MMAP_MIN_ADDR
--- a/redhat/configs/fedora/generic/CONFIG_LSM_MMAP_MIN_ADDR
+++ /dev/null
@@ -1 +0,0 @@
-CONFIG_LSM_MMAP_MIN_ADDR=65536

--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/922
_______________________________________________
kernel mailing list -- kernel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to kernel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/kernel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Index of Archives]     [Fedora General Discussion]     [Older Fedora Users Archive]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Announce]     [Fedora Package Review]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Coolkey]     [Yum Users]     [Tux]     [Yosemite News]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [USB]     [Asterisk PBX]

  Powered by Linux