aptenodytes: Enable LSM (incl. landlock)
This commit is contained in:
parent
368e5c2085
commit
d43ffcb537
@ -893,6 +893,7 @@ CONFIG_IPV6_MULTIPLE_TABLES=y
|
|||||||
# CONFIG_IPV6_SEG6_LWTUNNEL is not set
|
# CONFIG_IPV6_SEG6_LWTUNNEL is not set
|
||||||
# CONFIG_IPV6_SEG6_HMAC is not set
|
# CONFIG_IPV6_SEG6_HMAC is not set
|
||||||
# CONFIG_IPV6_RPL_LWTUNNEL is not set
|
# CONFIG_IPV6_RPL_LWTUNNEL is not set
|
||||||
|
# CONFIG_NETLABEL is not set
|
||||||
CONFIG_MPTCP=y
|
CONFIG_MPTCP=y
|
||||||
CONFIG_INET_MPTCP_DIAG=y
|
CONFIG_INET_MPTCP_DIAG=y
|
||||||
CONFIG_MPTCP_IPV6=y
|
CONFIG_MPTCP_IPV6=y
|
||||||
@ -2636,6 +2637,7 @@ CONFIG_FSNOTIFY=y
|
|||||||
# CONFIG_DNOTIFY is not set
|
# CONFIG_DNOTIFY is not set
|
||||||
CONFIG_INOTIFY_USER=y
|
CONFIG_INOTIFY_USER=y
|
||||||
CONFIG_FANOTIFY=y
|
CONFIG_FANOTIFY=y
|
||||||
|
# CONFIG_FANOTIFY_ACCESS_PERMISSIONS is not set
|
||||||
CONFIG_QUOTA=y
|
CONFIG_QUOTA=y
|
||||||
# CONFIG_QUOTA_NETLINK_INTERFACE is not set
|
# CONFIG_QUOTA_NETLINK_INTERFACE is not set
|
||||||
# CONFIG_PRINT_QUOTA_WARNING is not set
|
# CONFIG_PRINT_QUOTA_WARNING is not set
|
||||||
@ -2800,15 +2802,30 @@ CONFIG_KEYS=y
|
|||||||
CONFIG_ENCRYPTED_KEYS=y
|
CONFIG_ENCRYPTED_KEYS=y
|
||||||
# CONFIG_KEY_DH_OPERATIONS is not set
|
# CONFIG_KEY_DH_OPERATIONS is not set
|
||||||
CONFIG_SECURITY_DMESG_RESTRICT=y
|
CONFIG_SECURITY_DMESG_RESTRICT=y
|
||||||
# CONFIG_SECURITY is not set
|
CONFIG_SECURITY=y
|
||||||
CONFIG_SECURITYFS=y
|
CONFIG_SECURITYFS=y
|
||||||
|
# CONFIG_SECURITY_NETWORK is not set
|
||||||
CONFIG_PAGE_TABLE_ISOLATION=y
|
CONFIG_PAGE_TABLE_ISOLATION=y
|
||||||
|
CONFIG_SECURITY_PATH=y
|
||||||
CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
|
CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
|
||||||
CONFIG_HARDENED_USERCOPY=y
|
CONFIG_HARDENED_USERCOPY=y
|
||||||
CONFIG_FORTIFY_SOURCE=y
|
CONFIG_FORTIFY_SOURCE=y
|
||||||
# CONFIG_STATIC_USERMODEHELPER is not set
|
# CONFIG_STATIC_USERMODEHELPER is not set
|
||||||
|
# CONFIG_SECURITY_SMACK is not set
|
||||||
|
# CONFIG_SECURITY_TOMOYO is not set
|
||||||
|
# CONFIG_SECURITY_APPARMOR is not set
|
||||||
|
# CONFIG_SECURITY_LOADPIN is not set
|
||||||
|
CONFIG_SECURITY_YAMA=y
|
||||||
|
# CONFIG_SECURITY_SAFESETID is not set
|
||||||
|
CONFIG_SECURITY_LOCKDOWN_LSM=y
|
||||||
|
CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
|
||||||
|
# CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE is not set
|
||||||
|
CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY=y
|
||||||
|
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
|
||||||
|
CONFIG_SECURITY_LANDLOCK=y
|
||||||
|
# CONFIG_INTEGRITY is not set
|
||||||
CONFIG_DEFAULT_SECURITY_DAC=y
|
CONFIG_DEFAULT_SECURITY_DAC=y
|
||||||
CONFIG_LSM="yama,loadpin,safesetid,integrity"
|
CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity"
|
||||||
|
|
||||||
#
|
#
|
||||||
# Kernel hardening options
|
# Kernel hardening options
|
||||||
|
Loading…
x
Reference in New Issue
Block a user