Stephen Smalley wrote:
On Sat, 2012-06-16 at 14:56 -0400, Joshua Brindle wrote:
Signed-off-by: Joshua Brindle<jbrindle@xxxxxxxxxx>
---
arch/x86/configs/i386_defconfig | 4 ++++
1 file changed, 4 insertions(+)
I would have expected these changes to go into
arch/x86/configs/goldfish_defconfig,
arch/arm/configs/goldfish_defconfig, and
arch/arm/configs/goldfish_armv7_defconfig.
Wondering why this worked (since it is obviously the wrong config) I looked at
the above files. It appears that the x86 goldfish_defconfig already had it (I
didn't test on an ARM emulator):
android/kernel/goldfish/arch/x86/configs$ git blame goldfish_defconfig | grep
SECMARK
b2069ffd (Jun Nakajima 2011-03-06 23:12:13 -0800 453)
CONFIG_NETWORK_SECMARK=y
b2069ffd (Jun Nakajima 2011-03-06 23:12:13 -0800 464)
CONFIG_NF_CONNTRACK_SECMARK=y
b2069ffd (Jun Nakajima 2011-03-06 23:12:13 -0800 470)
CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=y
b2069ffd (Jun Nakajima 2011-03-06 23:12:13 -0800 473)
CONFIG_NETFILTER_XT_TARGET_SECMARK=y
I'll apply it to the arm configs and resubmit.
diff --git a/arch/x86/configs/i386_defconfig b/arch/x86/configs/i386_defconfig
index edba00d..09db997 100644
--- a/arch/x86/configs/i386_defconfig
+++ b/arch/x86/configs/i386_defconfig
@@ -2128,6 +2128,10 @@ CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_FILE_CAPABILITIES=y
# CONFIG_SECURITY_ROOTPLUG is not set
CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR=65536
+CONFIG_NETWORK_SECMARK=y
+CONFIG_NF_CONNTRACK_SECMARK=y
+CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=y
+CONFIG_NETFILTER_XT_TARGET_SECMARK=y
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
