When generating a kernel config for testing per the README.md instructions based on localmodconfig followed by merge_config.sh with this defconfig fragment, I found that certain tests were failing due to missing options. We need NETFILTER_XT_MATCH_STATE for some of the tests/inet_socket tests and NFS_V4_1 as a dependency for enabling NFS_V4_2 for the labeled nfs tests. Signed-off-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx> --- defconfig | 2 ++ 1 file changed, 2 insertions(+) diff --git a/defconfig b/defconfig index 00bf9f3..0c96408 100644 --- a/defconfig +++ b/defconfig @@ -21,6 +21,7 @@ CONFIG_NETWORK_SECMARK=y CONFIG_NF_CONNTRACK_SECMARK=y CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m CONFIG_NETFILTER_XT_TARGET_SECMARK=m +CONFIG_NETFILTER_XT_MATCH_STATE=m CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m # used for testing sctp # Filesystem security labeling support. @@ -99,6 +100,7 @@ CONFIG_QFMT_V2=y # This is not required for SELinux operation itself. CONFIG_NFS_FS=m CONFIG_NFS_V4=m +CONFIG_NFS_V4_1=y CONFIG_NFS_V4_2=y CONFIG_NFS_V4_SECURITY_LABEL=y CONFIG_NFSD=m -- 2.25.1
