From 2e347a387f4d6e34ba82b3d72894373185a8a28e Mon Sep 17 00:00:00 2001 From: Jan Alexander Steffens Date: Mon, 3 Sep 2018 19:15:26 +0000 Subject: [PATCH] Revert "Enable TXT, SELinux and AppArmor" All of these require significant userspace support. SELinux in particular requires linking against its library in numerous places, including coreutils. This makes making them available in the kernel of dubious value. Still, AppArmor and SELinux are available in linux-hardened for those who want it. This reverts commit 8215d0422d37317bd154497a2240ebbdd14c131d. --- PKGBUILD | 2 +- config | 19 +++---------------- 2 files changed, 4 insertions(+), 17 deletions(-) diff --git a/PKGBUILD b/PKGBUILD index 226f014..393c537 100644 --- a/PKGBUILD +++ b/PKGBUILD @@ -26,7 +26,7 @@ validpgpkeys=( '8218F88849AAC522E94CF470A5E9288C4FA415FA' # Jan Alexander Steffens (heftig) ) sha256sums=('SKIP' - 'd2e706aeae315a6837991e8653e873c3ed6ff1aef25a28b2442119fef7f27fe2' + '303aa10fe7596346a8c3f5ffe46f7528711c182d6576a47ec5d25d5dcce7b435' 'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21' '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919' 'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65') diff --git a/config b/config index ce8c820..0513d74 100644 --- a/config +++ b/config @@ -9255,33 +9255,20 @@ CONFIG_PAGE_TABLE_ISOLATION=y CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_PATH=y -CONFIG_INTEL_TXT=y -CONFIG_LSM_MMAP_MIN_ADDR=65536 +# CONFIG_INTEL_TXT is not set CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y CONFIG_HARDENED_USERCOPY=y CONFIG_HARDENED_USERCOPY_FALLBACK=y # CONFIG_HARDENED_USERCOPY_PAGESPAN is not set CONFIG_FORTIFY_SOURCE=y # CONFIG_STATIC_USERMODEHELPER is not set -CONFIG_SECURITY_SELINUX=y -CONFIG_SECURITY_SELINUX_BOOTPARAM=y -CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0 -# CONFIG_SECURITY_SELINUX_DISABLE is not set -CONFIG_SECURITY_SELINUX_DEVELOP=y -CONFIG_SECURITY_SELINUX_AVC_STATS=y -CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 +# CONFIG_SECURITY_SELINUX is not set # CONFIG_SECURITY_SMACK is not set # CONFIG_SECURITY_TOMOYO is not set -CONFIG_SECURITY_APPARMOR=y -CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0 -CONFIG_SECURITY_APPARMOR_HASH=y -CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y -# CONFIG_SECURITY_APPARMOR_DEBUG is not set +# CONFIG_SECURITY_APPARMOR is not set # CONFIG_SECURITY_LOADPIN is not set CONFIG_SECURITY_YAMA=y # CONFIG_INTEGRITY is not set -# CONFIG_DEFAULT_SECURITY_SELINUX is not set -# CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y CONFIG_DEFAULT_SECURITY="" CONFIG_XOR_BLOCKS=m