On Tue, Jun 9, 2020 at 11:18 AM Stephen Smalley <stephen.smalley.work@xxxxxxxxx> wrote: > > When generating a kernel config for testing per the README.md instructions > based on localmodconfig followed by merge_config.sh with this defconfig > fragment, I found that certain tests were failing due to missing options. > We need NETFILTER_XT_MATCH_STATE for some of the tests/inet_socket tests > and NFS_V4_1 as a dependency for enabling NFS_V4_2 for the labeled nfs > tests. > > Signed-off-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx> > --- > defconfig | 2 ++ > 1 file changed, 2 insertions(+) Acked-by: Paul Moore <paul@xxxxxxxxxxxxxx> > diff --git a/defconfig b/defconfig > index 00bf9f3..0c96408 100644 > --- a/defconfig > +++ b/defconfig > @@ -21,6 +21,7 @@ CONFIG_NETWORK_SECMARK=y > CONFIG_NF_CONNTRACK_SECMARK=y > CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m > CONFIG_NETFILTER_XT_TARGET_SECMARK=m > +CONFIG_NETFILTER_XT_MATCH_STATE=m > CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m # used for testing sctp > > # Filesystem security labeling support. > @@ -99,6 +100,7 @@ CONFIG_QFMT_V2=y > # This is not required for SELinux operation itself. > CONFIG_NFS_FS=m > CONFIG_NFS_V4=m > +CONFIG_NFS_V4_1=y > CONFIG_NFS_V4_2=y > CONFIG_NFS_V4_SECURITY_LABEL=y > CONFIG_NFSD=m > -- > 2.25.1 > -- paul moore www.paul-moore.com
