aptenodytes: Enable apparmor
This commit is contained in:
parent
2a7583a681
commit
4ad58ecaf0
GPG Key ID:
0F1DEAB2D36AD112
|
|
@ -2810,16 +2810,21 @@ CONFIG_ENCRYPTED_KEYS=y
|
|||
CONFIG_SECURITY_DMESG_RESTRICT=y
|
||||
CONFIG_SECURITY=y
|
||||
CONFIG_SECURITYFS=y
|
||||
# CONFIG_SECURITY_NETWORK is not set
|
||||
CONFIG_SECURITY_NETWORK=y
|
||||
CONFIG_PAGE_TABLE_ISOLATION=y
|
||||
# CONFIG_SECURITY_NETWORK_XFRM is not set
|
||||
CONFIG_SECURITY_PATH=y
|
||||
CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
|
||||
CONFIG_HARDENED_USERCOPY=y
|
||||
CONFIG_FORTIFY_SOURCE=y
|
||||
# CONFIG_STATIC_USERMODEHELPER is not set
|
||||
# CONFIG_SECURITY_SELINUX is not set
|
||||
# CONFIG_SECURITY_SMACK is not set
|
||||
# CONFIG_SECURITY_TOMOYO is not set
|
||||
# CONFIG_SECURITY_APPARMOR is not set
|
||||
CONFIG_SECURITY_APPARMOR=y
|
||||
CONFIG_SECURITY_APPARMOR_HASH=y
|
||||
CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
|
||||
# CONFIG_SECURITY_APPARMOR_DEBUG is not set
|
||||
# CONFIG_SECURITY_LOADPIN is not set
|
||||
CONFIG_SECURITY_YAMA=y
|
||||
# CONFIG_SECURITY_SAFESETID is not set
|
||||
|
|
@ -2830,8 +2835,9 @@ CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY=y
|
|||
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
|
||||
CONFIG_SECURITY_LANDLOCK=y
|
||||
# CONFIG_INTEGRITY is not set
|
||||
CONFIG_DEFAULT_SECURITY_DAC=y
|
||||
CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity"
|
||||
CONFIG_DEFAULT_SECURITY_APPARMOR=y
|
||||
# CONFIG_DEFAULT_SECURITY_DAC is not set
|
||||
CONFIG_LSM="apparmor,landlock,yama,loadpin,safesetid,integrity"
|
||||
|
||||
#
|
||||
# Kernel hardening options
|
||||
|
|
|
|||
Loading…
Reference in New Issue