Skip to content

Commit dd8c642

Browse files
pelwellpopcornmix
pelwell
authored and
popcornmix
committed
configs: Include AppArmor support
AppArmor security has been a long-requested feature. This commit adds the config settings necessary to allow it to be enabled at boot time using the kernel command line (cmdline.txt) - just include: lsm="apparmor" The commit also includes a few settings to give better control over processes or containers. See: #1698 Signed-off-by: Jean-Christophe Berthon <[email protected]> Signed-off-by: Phil Elwell <[email protected]>
1 parent 23093cd commit dd8c642

File tree

5 files changed

+32
-3
lines changed

5 files changed

+32
-3
lines changed

arch/arm/configs/bcm2709_defconfig

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,11 +16,13 @@ CONFIG_IKCONFIG=m
1616
CONFIG_IKCONFIG_PROC=y
1717
CONFIG_MEMCG=y
1818
CONFIG_BLK_CGROUP=y
19+
CONFIG_CFS_BANDWIDTH=y
1920
CONFIG_CGROUP_PIDS=y
2021
CONFIG_CGROUP_FREEZER=y
2122
CONFIG_CPUSETS=y
2223
CONFIG_CGROUP_DEVICE=y
2324
CONFIG_CGROUP_CPUACCT=y
25+
CONFIG_CGROUP_PERF=y
2426
CONFIG_CGROUP_BPF=y
2527
CONFIG_NAMESPACES=y
2628
CONFIG_USER_NS=y
@@ -390,6 +392,7 @@ CONFIG_NET_ACT_SKBEDIT=m
390392
CONFIG_NET_ACT_CSUM=m
391393
CONFIG_BATMAN_ADV=m
392394
CONFIG_OPENVSWITCH=m
395+
CONFIG_CGROUP_NET_PRIO=y
393396
CONFIG_NET_PKTGEN=m
394397
CONFIG_HAMRADIO=y
395398
CONFIG_AX25=m
@@ -1429,7 +1432,9 @@ CONFIG_NLS_ISO8859_15=m
14291432
CONFIG_NLS_KOI8_R=m
14301433
CONFIG_NLS_KOI8_U=m
14311434
CONFIG_DLM=m
1432-
# CONFIG_SECURITYFS is not set
1435+
CONFIG_SECURITY=y
1436+
CONFIG_SECURITY_APPARMOR=y
1437+
CONFIG_LSM=""
14331438
CONFIG_CRYPTO_USER=m
14341439
CONFIG_CRYPTO_XCBC=m
14351440
CONFIG_CRYPTO_TGR192=m

arch/arm/configs/bcm2711_defconfig

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,11 +16,13 @@ CONFIG_IKCONFIG=m
1616
CONFIG_IKCONFIG_PROC=y
1717
CONFIG_MEMCG=y
1818
CONFIG_BLK_CGROUP=y
19+
CONFIG_CFS_BANDWIDTH=y
1920
CONFIG_CGROUP_PIDS=y
2021
CONFIG_CGROUP_FREEZER=y
2122
CONFIG_CPUSETS=y
2223
CONFIG_CGROUP_DEVICE=y
2324
CONFIG_CGROUP_CPUACCT=y
25+
CONFIG_CGROUP_PERF=y
2426
CONFIG_CGROUP_BPF=y
2527
CONFIG_NAMESPACES=y
2628
CONFIG_USER_NS=y
@@ -390,6 +392,7 @@ CONFIG_NET_ACT_SKBEDIT=m
390392
CONFIG_NET_ACT_CSUM=m
391393
CONFIG_BATMAN_ADV=m
392394
CONFIG_OPENVSWITCH=m
395+
CONFIG_CGROUP_NET_PRIO=y
393396
CONFIG_NET_PKTGEN=m
394397
CONFIG_HAMRADIO=y
395398
CONFIG_AX25=m
@@ -1452,6 +1455,9 @@ CONFIG_NLS_ISO8859_15=m
14521455
CONFIG_NLS_KOI8_R=m
14531456
CONFIG_NLS_KOI8_U=m
14541457
CONFIG_DLM=m
1458+
CONFIG_SECURITY=y
1459+
CONFIG_SECURITY_APPARMOR=y
1460+
CONFIG_LSM=""
14551461
CONFIG_CRYPTO_USER=m
14561462
CONFIG_CRYPTO_XCBC=m
14571463
CONFIG_CRYPTO_TGR192=m

arch/arm/configs/bcmrpi_defconfig

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,9 +15,12 @@ CONFIG_IKCONFIG=m
1515
CONFIG_IKCONFIG_PROC=y
1616
CONFIG_MEMCG=y
1717
CONFIG_BLK_CGROUP=y
18+
CONFIG_CFS_BANDWIDTH=y
19+
CONFIG_CGROUP_PIDS=y
1820
CONFIG_CGROUP_FREEZER=y
1921
CONFIG_CGROUP_DEVICE=y
2022
CONFIG_CGROUP_CPUACCT=y
23+
CONFIG_CGROUP_PERF=y
2124
CONFIG_CGROUP_BPF=y
2225
CONFIG_NAMESPACES=y
2326
CONFIG_USER_NS=y
@@ -383,6 +386,7 @@ CONFIG_NET_ACT_SKBEDIT=m
383386
CONFIG_NET_ACT_CSUM=m
384387
CONFIG_BATMAN_ADV=m
385388
CONFIG_OPENVSWITCH=m
389+
CONFIG_CGROUP_NET_PRIO=y
386390
CONFIG_NET_PKTGEN=m
387391
CONFIG_HAMRADIO=y
388392
CONFIG_AX25=m
@@ -1437,7 +1441,9 @@ CONFIG_NLS_ISO8859_15=m
14371441
CONFIG_NLS_KOI8_R=m
14381442
CONFIG_NLS_KOI8_U=m
14391443
CONFIG_DLM=m
1440-
# CONFIG_SECURITYFS is not set
1444+
CONFIG_SECURITY=y
1445+
CONFIG_SECURITY_APPARMOR=y
1446+
CONFIG_LSM=""
14411447
CONFIG_CRYPTO_USER=m
14421448
CONFIG_CRYPTO_CRYPTD=m
14431449
CONFIG_CRYPTO_CBC=y

arch/arm64/configs/bcm2711_defconfig

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,11 +14,13 @@ CONFIG_IKCONFIG=m
1414
CONFIG_IKCONFIG_PROC=y
1515
CONFIG_MEMCG=y
1616
CONFIG_BLK_CGROUP=y
17+
CONFIG_CFS_BANDWIDTH=y
1718
CONFIG_CGROUP_PIDS=y
1819
CONFIG_CGROUP_FREEZER=y
1920
CONFIG_CPUSETS=y
2021
CONFIG_CGROUP_DEVICE=y
2122
CONFIG_CGROUP_CPUACCT=y
23+
CONFIG_CGROUP_PERF=y
2224
CONFIG_CGROUP_BPF=y
2325
CONFIG_NAMESPACES=y
2426
CONFIG_USER_NS=y
@@ -386,6 +388,7 @@ CONFIG_NET_ACT_SKBEDIT=m
386388
CONFIG_NET_ACT_CSUM=m
387389
CONFIG_BATMAN_ADV=m
388390
CONFIG_OPENVSWITCH=m
391+
CONFIG_CGROUP_NET_PRIO=y
389392
CONFIG_NET_PKTGEN=m
390393
CONFIG_HAMRADIO=y
391394
CONFIG_AX25=m
@@ -1456,6 +1459,9 @@ CONFIG_NLS_ISO8859_15=m
14561459
CONFIG_NLS_KOI8_R=m
14571460
CONFIG_NLS_KOI8_U=m
14581461
CONFIG_DLM=m
1462+
CONFIG_SECURITY=y
1463+
CONFIG_SECURITY_APPARMOR=y
1464+
CONFIG_LSM=""
14591465
CONFIG_CRYPTO_USER=m
14601466
CONFIG_CRYPTO_XCBC=m
14611467
CONFIG_CRYPTO_TGR192=m

arch/arm64/configs/bcmrpi3_defconfig

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,10 +15,13 @@ CONFIG_IKCONFIG=m
1515
CONFIG_IKCONFIG_PROC=y
1616
CONFIG_MEMCG=y
1717
CONFIG_BLK_CGROUP=y
18+
CONFIG_CFS_BANDWIDTH=y
19+
CONFIG_CGROUP_PIDS=y
1820
CONFIG_CGROUP_FREEZER=y
1921
CONFIG_CPUSETS=y
2022
CONFIG_CGROUP_DEVICE=y
2123
CONFIG_CGROUP_CPUACCT=y
24+
CONFIG_CGROUP_PERF=y
2225
CONFIG_CGROUP_BPF=y
2326
CONFIG_NAMESPACES=y
2427
CONFIG_USER_NS=y
@@ -382,6 +385,7 @@ CONFIG_NET_ACT_SKBEDIT=m
382385
CONFIG_NET_ACT_CSUM=m
383386
CONFIG_BATMAN_ADV=m
384387
CONFIG_OPENVSWITCH=m
388+
CONFIG_CGROUP_NET_PRIO=y
385389
CONFIG_NET_PKTGEN=m
386390
CONFIG_HAMRADIO=y
387391
CONFIG_AX25=m
@@ -1307,7 +1311,9 @@ CONFIG_NLS_ISO8859_15=m
13071311
CONFIG_NLS_KOI8_R=m
13081312
CONFIG_NLS_KOI8_U=m
13091313
CONFIG_DLM=m
1310-
# CONFIG_SECURITYFS is not set
1314+
CONFIG_SECURITY=y
1315+
CONFIG_SECURITY_APPARMOR=y
1316+
CONFIG_LSM=""
13111317
CONFIG_CRYPTO_USER=m
13121318
CONFIG_CRYPTO_XCBC=m
13131319
CONFIG_CRYPTO_TGR192=m

0 commit comments

Comments
 (0)