Revert "Enable TXT, SELinux and AppArmor"

All of these require significant userspace support. SELinux in
particular requires linking against its library in numerous places,
including coreutils. This makes making them available in the kernel of
dubious value. Still, AppArmor and SELinux are available in
linux-hardened for those who want it.

This reverts commit 8215d0422d37317bd154497a2240ebbdd14c131d.
This commit is contained in:
Jan Alexander Steffens 2018-09-03 19:15:26 +00:00
parent 304ce7dbcb
commit 2e347a387f
2 changed files with 4 additions and 17 deletions

View File

@ -26,7 +26,7 @@ validpgpkeys=(
'8218F88849AAC522E94CF470A5E9288C4FA415FA' # Jan Alexander Steffens (heftig)
)
sha256sums=('SKIP'
'd2e706aeae315a6837991e8653e873c3ed6ff1aef25a28b2442119fef7f27fe2'
'303aa10fe7596346a8c3f5ffe46f7528711c182d6576a47ec5d25d5dcce7b435'
'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21'
'75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919'
'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65')

19
config
View File

@ -9255,33 +9255,20 @@ CONFIG_PAGE_TABLE_ISOLATION=y
CONFIG_SECURITY_INFINIBAND=y
CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_PATH=y
CONFIG_INTEL_TXT=y
CONFIG_LSM_MMAP_MIN_ADDR=65536
# CONFIG_INTEL_TXT is not set
CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
CONFIG_HARDENED_USERCOPY=y
CONFIG_HARDENED_USERCOPY_FALLBACK=y
# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
CONFIG_FORTIFY_SOURCE=y
# CONFIG_STATIC_USERMODEHELPER is not set
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
# CONFIG_SECURITY_SELINUX_DISABLE is not set
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_AVC_STATS=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
# CONFIG_SECURITY_SELINUX is not set
# CONFIG_SECURITY_SMACK is not set
# CONFIG_SECURITY_TOMOYO is not set
CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0
CONFIG_SECURITY_APPARMOR_HASH=y
CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
# CONFIG_SECURITY_APPARMOR_DEBUG is not set
# CONFIG_SECURITY_APPARMOR is not set
# CONFIG_SECURITY_LOADPIN is not set
CONFIG_SECURITY_YAMA=y
# CONFIG_INTEGRITY is not set
# CONFIG_DEFAULT_SECURITY_SELINUX is not set
# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_DEFAULT_SECURITY=""
CONFIG_XOR_BLOCKS=m