Revert "Enable TXT, SELinux and AppArmor"
All of these require significant userspace support. SELinux in particular requires linking against its library in numerous places, including coreutils. This makes making them available in the kernel of dubious value. Still, AppArmor and SELinux are available in linux-hardened for those who want it. This reverts commit 8215d0422d37317bd154497a2240ebbdd14c131d.
This commit is contained in:
Jan Alexander Steffens
parent
304ce7dbcb
commit
2e347a387f
2
PKGBUILD
2
PKGBUILD
@ -26,7 +26,7 @@ validpgpkeys=(
|
||||
'8218F88849AAC522E94CF470A5E9288C4FA415FA' # Jan Alexander Steffens (heftig)
|
||||
)
|
||||
sha256sums=('SKIP'
|
||||
'd2e706aeae315a6837991e8653e873c3ed6ff1aef25a28b2442119fef7f27fe2'
|
||||
'303aa10fe7596346a8c3f5ffe46f7528711c182d6576a47ec5d25d5dcce7b435'
|
||||
'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21'
|
||||
'75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919'
|
||||
'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65')
|
||||
|
||||
19
config
19
config
@ -9255,33 +9255,20 @@ CONFIG_PAGE_TABLE_ISOLATION=y
|
||||
CONFIG_SECURITY_INFINIBAND=y
|
||||
CONFIG_SECURITY_NETWORK_XFRM=y
|
||||
CONFIG_SECURITY_PATH=y
|
||||
CONFIG_INTEL_TXT=y
|
||||
CONFIG_LSM_MMAP_MIN_ADDR=65536
|
||||
# CONFIG_INTEL_TXT is not set
|
||||
CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
|
||||
CONFIG_HARDENED_USERCOPY=y
|
||||
CONFIG_HARDENED_USERCOPY_FALLBACK=y
|
||||
# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
|
||||
CONFIG_FORTIFY_SOURCE=y
|
||||
# CONFIG_STATIC_USERMODEHELPER is not set
|
||||
CONFIG_SECURITY_SELINUX=y
|
||||
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
|
||||
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
|
||||
# CONFIG_SECURITY_SELINUX_DISABLE is not set
|
||||
CONFIG_SECURITY_SELINUX_DEVELOP=y
|
||||
CONFIG_SECURITY_SELINUX_AVC_STATS=y
|
||||
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
|
||||
# CONFIG_SECURITY_SELINUX is not set
|
||||
# CONFIG_SECURITY_SMACK is not set
|
||||
# CONFIG_SECURITY_TOMOYO is not set
|
||||
CONFIG_SECURITY_APPARMOR=y
|
||||
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0
|
||||
CONFIG_SECURITY_APPARMOR_HASH=y
|
||||
CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
|
||||
# CONFIG_SECURITY_APPARMOR_DEBUG is not set
|
||||
# CONFIG_SECURITY_APPARMOR is not set
|
||||
# CONFIG_SECURITY_LOADPIN is not set
|
||||
CONFIG_SECURITY_YAMA=y
|
||||
# CONFIG_INTEGRITY is not set
|
||||
# CONFIG_DEFAULT_SECURITY_SELINUX is not set
|
||||
# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
|
||||
CONFIG_DEFAULT_SECURITY_DAC=y
|
||||
CONFIG_DEFAULT_SECURITY=""
|
||||
CONFIG_XOR_BLOCKS=m
|
||||
|
||||
Loading…
Reference in New Issue
Block a user