From b16b08b24aec5779d9ed245e8c06c7e1971a291f Mon Sep 17 00:00:00 2001 From: Jan Alexander Steffens Date: Tue, 9 Apr 2019 21:53:11 +0000 Subject: [PATCH] FS#42910: Enable TOMOYO and SMACK --- PKGBUILD | 2 +- config | 16 +++++++++++++--- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/PKGBUILD b/PKGBUILD index 69c55ed..1895ca0 100644 --- a/PKGBUILD +++ b/PKGBUILD @@ -26,7 +26,7 @@ validpgpkeys=( '8218F88849AAC522E94CF470A5E9288C4FA415FA' # Jan Alexander Steffens (heftig) ) sha256sums=('SKIP' - 'df2ce998b050c707950c555f7f6ec0efcb8498fca10b4bce45f681844c8aa0ab' + 'fdb355884faa86a2f9725d09657c9c32573b0f1e8bb31416823d1198bcb2f80d' 'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21' 'c043f3033bb781e2688794a59f6d1f7ed49ef9b13eb77ff9a425df33a244a636' 'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65') diff --git a/config b/config index a0224e5..d673f81 100644 --- a/config +++ b/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 5.0.0-arch1 Kernel Configuration +# Linux/x86 5.0.7-arch1 Kernel Configuration # # @@ -9271,8 +9271,16 @@ CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0 CONFIG_SECURITY_SELINUX_DEVELOP=y CONFIG_SECURITY_SELINUX_AVC_STATS=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 -# CONFIG_SECURITY_SMACK is not set -# CONFIG_SECURITY_TOMOYO is not set +CONFIG_SECURITY_SMACK=y +CONFIG_SECURITY_SMACK_BRINGUP=y +CONFIG_SECURITY_SMACK_NETFILTER=y +CONFIG_SECURITY_SMACK_APPEND_SIGNALS=y +CONFIG_SECURITY_TOMOYO=y +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048 +CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024 +# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set +CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init" +CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init" CONFIG_SECURITY_APPARMOR=y CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0 CONFIG_SECURITY_APPARMOR_HASH=y @@ -9286,6 +9294,8 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_IMA is not set # CONFIG_EVM is not set # CONFIG_DEFAULT_SECURITY_SELINUX is not set +# CONFIG_DEFAULT_SECURITY_SMACK is not set +# CONFIG_DEFAULT_SECURITY_TOMOYO is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y CONFIG_DEFAULT_SECURITY=""