Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

config: Enable options needed for bootc-install #57

Merged
merged 4 commits into from
Apr 19, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 7 additions & 7 deletions config-libkrunfw-sev_x86_64
Original file line number Diff line number Diff line change
Expand Up @@ -1652,14 +1652,14 @@ CONFIG_FS_IOMAP=y
CONFIG_EXT4_FS=y
CONFIG_EXT4_USE_FOR_EXT2=y
# CONFIG_EXT4_FS_POSIX_ACL is not set
# CONFIG_EXT4_FS_SECURITY is not set
CONFIG_EXT4_FS_SECURITY=y
# CONFIG_EXT4_DEBUG is not set
CONFIG_JBD2=y
# CONFIG_JBD2_DEBUG is not set
CONFIG_FS_MBCACHE=y
# CONFIG_REISERFS_FS is not set
# CONFIG_JFS_FS is not set
# CONFIG_XFS_FS is not set
CONFIG_XFS_FS=y
# CONFIG_GFS2_FS is not set
# CONFIG_BTRFS_FS is not set
# CONFIG_NILFS2_FS is not set
Expand Down Expand Up @@ -1698,7 +1698,7 @@ CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
# DOS/FAT/EXFAT/NT Filesystems
#
# CONFIG_MSDOS_FS is not set
# CONFIG_VFAT_FS is not set
CONFIG_VFAT_FS=y
# CONFIG_EXFAT_FS is not set
# CONFIG_NTFS_FS is not set
# CONFIG_NTFS3_FS is not set
Expand Down Expand Up @@ -1733,7 +1733,7 @@ CONFIG_ARCH_HAS_GIGANTIC_PAGE=y
# CONFIG_NETWORK_FILESYSTEMS is not set
CONFIG_NLS=y
CONFIG_NLS_DEFAULT="utf8"
# CONFIG_NLS_CODEPAGE_437 is not set
CONFIG_NLS_CODEPAGE_437=y
# CONFIG_NLS_CODEPAGE_737 is not set
# CONFIG_NLS_CODEPAGE_775 is not set
# CONFIG_NLS_CODEPAGE_850 is not set
Expand All @@ -1757,7 +1757,7 @@ CONFIG_NLS_DEFAULT="utf8"
# CONFIG_NLS_CODEPAGE_1250 is not set
# CONFIG_NLS_CODEPAGE_1251 is not set
# CONFIG_NLS_ASCII is not set
# CONFIG_NLS_ISO8859_1 is not set
CONFIG_NLS_ISO8859_1=y
# CONFIG_NLS_ISO8859_2 is not set
# CONFIG_NLS_ISO8859_3 is not set
# CONFIG_NLS_ISO8859_4 is not set
Expand Down Expand Up @@ -1806,7 +1806,7 @@ CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
# CONFIG_HARDENED_USERCOPY is not set
CONFIG_FORTIFY_SOURCE=y
# CONFIG_STATIC_USERMODEHELPER is not set
# CONFIG_SECURITY_SELINUX is not set
CONFIG_SECURITY_SELINUX=y
# CONFIG_SECURITY_SMACK is not set
# CONFIG_SECURITY_TOMOYO is not set
# CONFIG_SECURITY_APPARMOR is not set
Expand All @@ -1817,7 +1817,7 @@ CONFIG_FORTIFY_SOURCE=y
# CONFIG_SECURITY_LANDLOCK is not set
# CONFIG_INTEGRITY is not set
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity,bpf"
CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity,selinux,bpf"

#
# Kernel hardening options
Expand Down
9 changes: 6 additions & 3 deletions config-libkrunfw_aarch64
Original file line number Diff line number Diff line change
Expand Up @@ -2507,7 +2507,7 @@ CONFIG_JBD2=y
CONFIG_FS_MBCACHE=y
# CONFIG_REISERFS_FS is not set
# CONFIG_JFS_FS is not set
# CONFIG_XFS_FS is not set
CONFIG_XFS_FS=y
# CONFIG_GFS2_FS is not set
# CONFIG_OCFS2_FS is not set
# CONFIG_BTRFS_FS is not set
Expand Down Expand Up @@ -2564,7 +2564,7 @@ CONFIG_CACHEFILES=y
# DOS/FAT/EXFAT/NT Filesystems
#
# CONFIG_MSDOS_FS is not set
# CONFIG_VFAT_FS is not set
CONFIG_VFAT_FS=y
# CONFIG_EXFAT_FS is not set
# CONFIG_NTFS_FS is not set
# CONFIG_NTFS3_FS is not set
Expand Down Expand Up @@ -2594,7 +2594,9 @@ CONFIG_CONFIGFS_FS=y

# CONFIG_MISC_FILESYSTEMS is not set
# CONFIG_NETWORK_FILESYSTEMS is not set
# CONFIG_NLS is not set
CONFIG_NLS=y
CONFIG_NLS_CODEPAGE_437=y
CONFIG_NLS_ISO8859_1=y
# CONFIG_DLM is not set
CONFIG_UNICODE=y
# CONFIG_UNICODE_NORMALIZATION_SELFTEST is not set
Expand All @@ -2619,6 +2621,7 @@ CONFIG_KEY_DH_OPERATIONS=y
# CONFIG_HARDENED_USERCOPY is not set
# CONFIG_FORTIFY_SOURCE is not set
# CONFIG_STATIC_USERMODEHELPER is not set
CONFIG_SECURITY_SELINUX=y
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"

Expand Down
14 changes: 7 additions & 7 deletions config-libkrunfw_x86_64
Original file line number Diff line number Diff line change
Expand Up @@ -1653,14 +1653,14 @@ CONFIG_FS_IOMAP=y
CONFIG_EXT4_FS=y
CONFIG_EXT4_USE_FOR_EXT2=y
# CONFIG_EXT4_FS_POSIX_ACL is not set
# CONFIG_EXT4_FS_SECURITY is not set
CONFIG_EXT4_FS_SECURITY=y
# CONFIG_EXT4_DEBUG is not set
CONFIG_JBD2=y
# CONFIG_JBD2_DEBUG is not set
CONFIG_FS_MBCACHE=y
# CONFIG_REISERFS_FS is not set
# CONFIG_JFS_FS is not set
# CONFIG_XFS_FS is not set
CONFIG_XFS_FS=y
# CONFIG_GFS2_FS is not set
# CONFIG_BTRFS_FS is not set
# CONFIG_NILFS2_FS is not set
Expand Down Expand Up @@ -1704,7 +1704,7 @@ CONFIG_FUSE_DAX=y
# DOS/FAT/EXFAT/NT Filesystems
#
# CONFIG_MSDOS_FS is not set
# CONFIG_VFAT_FS is not set
CONFIG_VFAT_FS=y
# CONFIG_EXFAT_FS is not set
# CONFIG_NTFS_FS is not set
# CONFIG_NTFS3_FS is not set
Expand Down Expand Up @@ -1739,7 +1739,7 @@ CONFIG_ARCH_HAS_GIGANTIC_PAGE=y
# CONFIG_NETWORK_FILESYSTEMS is not set
CONFIG_NLS=y
CONFIG_NLS_DEFAULT="utf8"
# CONFIG_NLS_CODEPAGE_437 is not set
CONFIG_NLS_CODEPAGE_437=y
# CONFIG_NLS_CODEPAGE_737 is not set
# CONFIG_NLS_CODEPAGE_775 is not set
# CONFIG_NLS_CODEPAGE_850 is not set
Expand All @@ -1763,7 +1763,7 @@ CONFIG_NLS_DEFAULT="utf8"
# CONFIG_NLS_CODEPAGE_1250 is not set
# CONFIG_NLS_CODEPAGE_1251 is not set
# CONFIG_NLS_ASCII is not set
# CONFIG_NLS_ISO8859_1 is not set
CONFIG_NLS_ISO8859_1=y
# CONFIG_NLS_ISO8859_2 is not set
# CONFIG_NLS_ISO8859_3 is not set
# CONFIG_NLS_ISO8859_4 is not set
Expand Down Expand Up @@ -1812,7 +1812,7 @@ CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
# CONFIG_HARDENED_USERCOPY is not set
CONFIG_FORTIFY_SOURCE=y
# CONFIG_STATIC_USERMODEHELPER is not set
# CONFIG_SECURITY_SELINUX is not set
CONFIG_SECURITY_SELINUX=y
# CONFIG_SECURITY_SMACK is not set
# CONFIG_SECURITY_TOMOYO is not set
# CONFIG_SECURITY_APPARMOR is not set
Expand All @@ -1823,7 +1823,7 @@ CONFIG_FORTIFY_SOURCE=y
# CONFIG_SECURITY_LANDLOCK is not set
# CONFIG_INTEGRITY is not set
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity,bpf"
CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity,selinux,bpf"

#
# Kernel hardening options
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,15 +22,17 @@ TODO - implement remote [get|set]sockopt

Signed-off-by: Sergio Lopez <slp@redhat.com>
---
include/linux/socket.h | 4 +-
net/Kconfig | 1 +
net/Makefile | 1 +
net/socket.c | 1 +
net/tsi/Kconfig | 7 +
net/tsi/Makefile | 4 +
net/tsi/af_tsi.c | 1280 ++++++++++++++++++++++++++++++++++++++++
net/tsi/af_tsi.h | 100 ++++
8 files changed, 1397 insertions(+), 1 deletion(-)
include/linux/socket.h | 4 +-
net/Kconfig | 1 +
net/Makefile | 1 +
net/socket.c | 1 +
net/tsi/Kconfig | 7 +
net/tsi/Makefile | 4 +
net/tsi/af_tsi.c | 1280 +++++++++++++++++++++++++++
net/tsi/af_tsi.h | 100 +++
security/selinux/hooks.c | 2 +-
security/selinux/include/classmap.h | 2 +-
10 files changed, 1399 insertions(+), 3 deletions(-)
create mode 100644 net/tsi/Kconfig
create mode 100644 net/tsi/Makefile
create mode 100644 net/tsi/af_tsi.c
Expand Down Expand Up @@ -1507,6 +1509,31 @@ index 000000000000..cf381734bebe
+} __attribute__((packed));
+
+#endif
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 53cfeefb2f19..428801687e5c 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1295,7 +1295,7 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
return SECCLASS_XDP_SOCKET;
case PF_MCTP:
return SECCLASS_MCTP_SOCKET;
-#if PF_MAX > 46
+#if PF_MAX > 47
#error New address family defined, please update this function.
#endif
}
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index a3c380775d41..06cb017611f8 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -259,6 +259,6 @@ const struct security_class_mapping secclass_map[] = {
{ NULL }
};

-#if PF_MAX > 46
+#if PF_MAX > 47
#error New address family defined, please update secclass_map.
#endif
--
2.43.0

Loading