From: Arne Fitzenreiter <arne_f@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 4/5] kernel: update config (disable AUDIT subsys)
Date: Thu, 07 Sep 2017 21:54:38 +0000 [thread overview]
Message-ID: <1504821279-1877-4-git-send-email-arne_f@ipfire.org> (raw)
In-Reply-To: <1504821279-1877-1-git-send-email-arne_f@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 5179 bytes --]
audit support was removed from the userspace so also the kernel not need it anymore.
fixes #11465
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
---
kernel/config-arm-generic | 11 +++++------
kernel/config-arm64-generic | 3 +--
kernel/config-generic | 28 +++++++---------------------
kernel/config-x86-generic | 7 ++++++-
kernel/kernel.nm | 1 -
5 files changed, 19 insertions(+), 31 deletions(-)
diff --git a/kernel/config-arm-generic b/kernel/config-arm-generic
index 8f7f464..130c530 100644
--- a/kernel/config-arm-generic
+++ b/kernel/config-arm-generic
@@ -428,6 +428,11 @@ CONFIG_DRM_MESON=m
CONFIG_DRM_MESON_DW_HDMI=m
#
+# Frame buffer Devices
+#
+# CONFIG_FB_BOOT_VESA_SUPPORT is not set
+
+#
# Frame buffer hardware drivers
#
# CONFIG_FB_ARMCLCD is not set
@@ -725,11 +730,6 @@ CONFIG_RCU_CPU_STALL_TIMEOUT=21
# CONFIG_CORESIGHT is not set
#
-# Security options
-#
-CONFIG_LSM_MMAP_MIN_ADDR=32768
-
-#
# Crypto core or helper
#
CONFIG_CRYPTO_GF128MUL=m
@@ -748,5 +748,4 @@ CONFIG_CRYPTO_CHACHA20_NEON=m
#
# Library routines
#
-CONFIG_AUDIT_GENERIC=y
CONFIG_LIBFDT=y
diff --git a/kernel/config-arm64-generic b/kernel/config-arm64-generic
index 208c138..ef5aca3 100644
--- a/kernel/config-arm64-generic
+++ b/kernel/config-arm64-generic
@@ -400,7 +400,7 @@ CONFIG_HISI_KIRIN_DW_DSI=m
#
# Frame buffer hardware drivers
#
-# CONFIG_FB_EFI is not set
+CONFIG_FB_EFI=y
#
# Console display driver support
@@ -709,6 +709,5 @@ CONFIG_CRYPTO_AES_ARM64_BS=m
# Library routines
#
CONFIG_AUDIT_ARCH_COMPAT_GENERIC=y
-CONFIG_AUDIT_COMPAT_GENERIC=y
CONFIG_HAS_IOPORT_MAP=y
CONFIG_UCS2_STRING=y
diff --git a/kernel/config-generic b/kernel/config-generic
index 5fac561..c151769 100644
--- a/kernel/config-generic
+++ b/kernel/config-generic
@@ -34,11 +34,8 @@ CONFIG_POSIX_MQUEUE_SYSCTL=y
CONFIG_CROSS_MEMORY_ATTACH=y
CONFIG_FHANDLE=y
# CONFIG_USELIB is not set
-CONFIG_AUDIT=y
+# CONFIG_AUDIT is not set
CONFIG_HAVE_ARCH_AUDITSYSCALL=y
-CONFIG_AUDITSYSCALL=y
-CONFIG_AUDIT_WATCH=y
-CONFIG_AUDIT_TREE=y
#
# IRQ subsystem
@@ -697,7 +694,6 @@ CONFIG_NETFILTER_XT_SET=m
#
# Xtables targets
#
-CONFIG_NETFILTER_XT_TARGET_AUDIT=m
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m
@@ -3795,10 +3791,9 @@ CONFIG_FIRMWARE_EDID=y
CONFIG_FB_CMDLINE=y
CONFIG_FB_NOTIFY=y
# CONFIG_FB_DDC is not set
-CONFIG_FB_BOOT_VESA_SUPPORT=y
-CONFIG_FB_CFB_FILLRECT=m
-CONFIG_FB_CFB_COPYAREA=m
-CONFIG_FB_CFB_IMAGEBLIT=m
+CONFIG_FB_CFB_FILLRECT=y
+CONFIG_FB_CFB_COPYAREA=y
+CONFIG_FB_CFB_IMAGEBLIT=y
# CONFIG_FB_CFB_REV_PIXELS_IN_BYTE is not set
CONFIG_FB_SYS_FILLRECT=m
CONFIG_FB_SYS_COPYAREA=m
@@ -5578,7 +5573,7 @@ CONFIG_ENCRYPTED_KEYS=m
# CONFIG_KEY_DH_OPERATIONS is not set
CONFIG_SECURITY_DMESG_RESTRICT=y
CONFIG_SECURITY=y
-CONFIG_SECURITY_WRITABLE_HOOKS=y
+# CONFIG_SECURITY_WRITABLE_HOOKS is not set
CONFIG_SECURITYFS=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_NETWORK_XFRM=y
@@ -5587,13 +5582,6 @@ CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
CONFIG_HARDENED_USERCOPY=y
CONFIG_HARDENED_USERCOPY_PAGESPAN=y
# CONFIG_STATIC_USERMODEHELPER is not set
-CONFIG_SECURITY_SELINUX=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
-CONFIG_SECURITY_SELINUX_DISABLE=y
-CONFIG_SECURITY_SELINUX_DEVELOP=y
-CONFIG_SECURITY_SELINUX_AVC_STATS=y
-CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
# CONFIG_SECURITY_SMACK is not set
# CONFIG_SECURITY_TOMOYO is not set
# CONFIG_SECURITY_APPARMOR is not set
@@ -5603,12 +5591,10 @@ CONFIG_INTEGRITY=y
CONFIG_INTEGRITY_SIGNATURE=y
CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
CONFIG_INTEGRITY_TRUSTED_KEYRING=y
-CONFIG_INTEGRITY_AUDIT=y
# CONFIG_IMA is not set
# CONFIG_EVM is not set
-CONFIG_DEFAULT_SECURITY_SELINUX=y
-# CONFIG_DEFAULT_SECURITY_DAC is not set
-CONFIG_DEFAULT_SECURITY="selinux"
+CONFIG_DEFAULT_SECURITY_DAC=y
+CONFIG_DEFAULT_SECURITY=""
CONFIG_XOR_BLOCKS=m
CONFIG_ASYNC_CORE=m
CONFIG_ASYNC_MEMCPY=m
diff --git a/kernel/config-x86-generic b/kernel/config-x86-generic
index 50318e3..1ed2ee2 100644
--- a/kernel/config-x86-generic
+++ b/kernel/config-x86-generic
@@ -1106,6 +1106,11 @@ CONFIG_DRM_VMWGFX=m
CONFIG_HSA_AMD=m
#
+# Frame buffer Devices
+#
+CONFIG_FB_BOOT_VESA_SUPPORT=y
+
+#
# Frame buffer hardware drivers
#
# CONFIG_FB_ARC is not set
@@ -1482,6 +1487,7 @@ CONFIG_EFIVAR_FS=m
#
# Compile-time checks and compiler options
#
+CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y
CONFIG_ARCH_WANT_FRAME_POINTERS=y
CONFIG_FRAME_POINTER=y
CONFIG_STACK_VALIDATION=y
@@ -1553,7 +1559,6 @@ CONFIG_OPTIMIZE_INLINING=y
#
CONFIG_KEYS_COMPAT=y
CONFIG_INTEL_TXT=y
-CONFIG_LSM_MMAP_MIN_ADDR=65536
#
# Crypto core or helper
diff --git a/kernel/kernel.nm b/kernel/kernel.nm
index 0724d4d..4936b6a 100644
--- a/kernel/kernel.nm
+++ b/kernel/kernel.nm
@@ -33,7 +33,6 @@ build
requires
asciidoc
- audit-devel
bc
binutils >= 2.25
binutils-devel
--
2.6.3
next prev parent reply other threads:[~2017-09-07 21:54 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-07 21:54 [PATCH 1/5] kernel: update to 4.12.8 Arne Fitzenreiter
2017-09-07 21:54 ` [PATCH 2/5] kernel: update to 4.12.9 Arne Fitzenreiter
2017-09-07 21:54 ` [PATCH 3/5] kernel: update to 4.12.10 Arne Fitzenreiter
2017-09-07 21:54 ` Arne Fitzenreiter [this message]
2017-09-07 21:54 ` [PATCH 5/5] kernel: update to 4.12.11 Arne Fitzenreiter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1504821279-1877-4-git-send-email-arne_f@ipfire.org \
--to=arne_f@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox