aptenodytes: Enable LSM (incl. landlock)

Nils Freydank 2021-06-29 15:28:00 +02:00
parent 368e5c2085
commit d43ffcb537
No known key found for this signature in database
GPG Key ID: BC5DC2998AAD2B21


@ -893,6 +893,7 @@ CONFIG_IPV6_MULTIPLE_TABLES=y
# CONFIG_IPV6_SEG6_LWTUNNEL is not set # CONFIG_IPV6_SEG6_LWTUNNEL is not set
# CONFIG_IPV6_SEG6_HMAC is not set # CONFIG_IPV6_SEG6_HMAC is not set
# CONFIG_IPV6_RPL_LWTUNNEL is not set # CONFIG_IPV6_RPL_LWTUNNEL is not set
# CONFIG_NETLABEL is not set
CONFIG_MPTCP=y CONFIG_MPTCP=y
CONFIG_INET_MPTCP_DIAG=y CONFIG_INET_MPTCP_DIAG=y
CONFIG_MPTCP_IPV6=y CONFIG_MPTCP_IPV6=y
@ -2636,6 +2637,7 @@ CONFIG_FSNOTIFY=y
# CONFIG_DNOTIFY is not set # CONFIG_DNOTIFY is not set
CONFIG_INOTIFY_USER=y CONFIG_INOTIFY_USER=y
CONFIG_FANOTIFY=y CONFIG_FANOTIFY=y
# CONFIG_FANOTIFY_ACCESS_PERMISSIONS is not set
CONFIG_QUOTA=y CONFIG_QUOTA=y
# CONFIG_QUOTA_NETLINK_INTERFACE is not set # CONFIG_QUOTA_NETLINK_INTERFACE is not set
# CONFIG_PRINT_QUOTA_WARNING is not set # CONFIG_PRINT_QUOTA_WARNING is not set
@ -2800,15 +2802,30 @@ CONFIG_KEYS=y
CONFIG_ENCRYPTED_KEYS=y CONFIG_ENCRYPTED_KEYS=y
# CONFIG_KEY_DH_OPERATIONS is not set # CONFIG_KEY_DH_OPERATIONS is not set
CONFIG_SECURITY_DMESG_RESTRICT=y CONFIG_SECURITY_DMESG_RESTRICT=y
# CONFIG_SECURITY is not set CONFIG_SECURITY=y
CONFIG_SECURITYFS=y CONFIG_SECURITYFS=y
# CONFIG_SECURITY_NETWORK is not set
CONFIG_PAGE_TABLE_ISOLATION=y CONFIG_PAGE_TABLE_ISOLATION=y
CONFIG_SECURITY_PATH=y
CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
CONFIG_HARDENED_USERCOPY=y CONFIG_HARDENED_USERCOPY=y
CONFIG_FORTIFY_SOURCE=y CONFIG_FORTIFY_SOURCE=y
# CONFIG_STATIC_USERMODEHELPER is not set # CONFIG_STATIC_USERMODEHELPER is not set
# CONFIG_SECURITY_SMACK is not set
# CONFIG_SECURITY_TOMOYO is not set
# CONFIG_SECURITY_APPARMOR is not set
# CONFIG_SECURITY_LOADPIN is not set
CONFIG_SECURITY_YAMA=y
# CONFIG_SECURITY_SAFESETID is not set
CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
# CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE is not set
CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY=y
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
CONFIG_SECURITY_LANDLOCK=y
# CONFIG_INTEGRITY is not set
CONFIG_DEFAULT_SECURITY_DAC=y CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_LSM="yama,loadpin,safesetid,integrity" CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity"
# #
# Kernel hardening options # Kernel hardening options