From: Ondrej Mosnacek <omosn...@redhat.com> configs: clean up LSM configs
1. Move CONFIG_SECURITY_LOCKDOWN_LSM from pending-common/ to ark/ - there is no incentive to enable it in ELN/RHEL at the moment. 2. Remove ark/generic/CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE - this config has been removed upstream. 3. Deduplicate default value of CONFIG_LSM_MMAP_MIN_ADDR - set it to 65536 under common/ and only override it in fedora/generic/arm/armv7/. 4. Trim LSMs that are not build-enabled from CONFIG_LSM on Fedora - and since it then becomes the same as the ARK setting, unify it under common/. Signed-off-by: Ondrej Mosnacek <omosn...@redhat.com> diff a/redhat/configs/pending-common/generic/CONFIG_SECURITY_LOCKDOWN_LSM b/redhat/configs/ark/generic/CONFIG_SECURITY_LOCKDOWN_LSM --- a/redhat/configs/pending-common/generic/CONFIG_SECURITY_LOCKDOWN_LSM +++ b/redhat/configs/ark/generic/CONFIG_SECURITY_LOCKDOWN_LSM diff a/redhat/configs/ark/generic/CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE b/redhat/configs/ark/generic/CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE --- a/redhat/configs/ark/generic/CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE +++ /dev/null @@ -1 +0,0 @@ -CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1 diff a/redhat/configs/ark/generic/CONFIG_LSM b/redhat/configs/common/generic/CONFIG_LSM --- a/redhat/configs/ark/generic/CONFIG_LSM +++ b/redhat/configs/common/generic/CONFIG_LSM diff a/redhat/configs/ark/generic/CONFIG_LSM_MMAP_MIN_ADDR b/redhat/configs/common/generic/CONFIG_LSM_MMAP_MIN_ADDR --- a/redhat/configs/ark/generic/CONFIG_LSM_MMAP_MIN_ADDR +++ b/redhat/configs/common/generic/CONFIG_LSM_MMAP_MIN_ADDR diff a/redhat/configs/fedora/generic/CONFIG_LSM b/redhat/configs/fedora/generic/CONFIG_LSM --- a/redhat/configs/fedora/generic/CONFIG_LSM +++ /dev/null @@ -1 +0,0 @@ -CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" diff a/redhat/configs/fedora/generic/CONFIG_LSM_MMAP_MIN_ADDR b/redhat/configs/fedora/generic/CONFIG_LSM_MMAP_MIN_ADDR --- a/redhat/configs/fedora/generic/CONFIG_LSM_MMAP_MIN_ADDR +++ /dev/null @@ -1 +0,0 @@ -CONFIG_LSM_MMAP_MIN_ADDR=65536 -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/922 _______________________________________________ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
