From: "Peter Müller" <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH 08/13] kernel: Disable network security hooks
Date: Sat, 18 Sep 2021 16:23:16 +0000 [thread overview]
Message-ID: <fb479331-74be-e166-2234-4db29265d425@ipfire.org> (raw)
In-Reply-To: <20210917114229.10704-8-michael.tremer@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 2927 bytes --]
Acked-by: Peter Müller <peter.mueller(a)ipfire.org>
> This is a feature we do not use and it should therefore be disabled
>
> Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
> ---
> config/kernel/kernel.config.aarch64-ipfire | 3 +--
> config/kernel/kernel.config.armv6l-ipfire | 3 +--
> config/kernel/kernel.config.i586-ipfire | 3 +--
> config/kernel/kernel.config.x86_64-ipfire | 3 +--
> 4 files changed, 4 insertions(+), 8 deletions(-)
>
> diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire
> index dbd730e80..15f8cfc6b 100644
> --- a/config/kernel/kernel.config.aarch64-ipfire
> +++ b/config/kernel/kernel.config.aarch64-ipfire
> @@ -7274,8 +7274,7 @@ CONFIG_KEYS=y
> CONFIG_SECURITY_DMESG_RESTRICT=y
> CONFIG_SECURITY=y
> CONFIG_SECURITYFS=y
> -CONFIG_SECURITY_NETWORK=y
> -CONFIG_SECURITY_NETWORK_XFRM=y
> +# CONFIG_SECURITY_NETWORK is not set
> # CONFIG_SECURITY_PATH is not set
> CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
> CONFIG_HARDENED_USERCOPY=y
> diff --git a/config/kernel/kernel.config.armv6l-ipfire b/config/kernel/kernel.config.armv6l-ipfire
> index 93856d185..fc309c9b3 100644
> --- a/config/kernel/kernel.config.armv6l-ipfire
> +++ b/config/kernel/kernel.config.armv6l-ipfire
> @@ -7369,8 +7369,7 @@ CONFIG_KEYS=y
> CONFIG_SECURITY_DMESG_RESTRICT=y
> CONFIG_SECURITY=y
> CONFIG_SECURITYFS=y
> -CONFIG_SECURITY_NETWORK=y
> -CONFIG_SECURITY_NETWORK_XFRM=y
> +# CONFIG_SECURITY_NETWORK is not set
> # CONFIG_SECURITY_PATH is not set
> CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
> CONFIG_HARDENED_USERCOPY=y
> diff --git a/config/kernel/kernel.config.i586-ipfire b/config/kernel/kernel.config.i586-ipfire
> index 8c99e3a60..08df3d656 100644
> --- a/config/kernel/kernel.config.i586-ipfire
> +++ b/config/kernel/kernel.config.i586-ipfire
> @@ -6912,8 +6912,7 @@ CONFIG_ENCRYPTED_KEYS=y
> CONFIG_SECURITY_DMESG_RESTRICT=y
> CONFIG_SECURITY=y
> # CONFIG_SECURITYFS is not set
> -CONFIG_SECURITY_NETWORK=y
> -# CONFIG_SECURITY_NETWORK_XFRM is not set
> +# CONFIG_SECURITY_NETWORK is not set
> # CONFIG_SECURITY_PATH is not set
> # CONFIG_INTEL_TXT is not set
> CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
> diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire
> index f5c1fce9f..5f8711ac4 100644
> --- a/config/kernel/kernel.config.x86_64-ipfire
> +++ b/config/kernel/kernel.config.x86_64-ipfire
> @@ -6749,9 +6749,8 @@ CONFIG_KEYS=y
> CONFIG_SECURITY_DMESG_RESTRICT=y
> CONFIG_SECURITY=y
> CONFIG_SECURITYFS=y
> -CONFIG_SECURITY_NETWORK=y
> +# CONFIG_SECURITY_NETWORK is not set
> CONFIG_PAGE_TABLE_ISOLATION=y
> -# CONFIG_SECURITY_NETWORK_XFRM is not set
> # CONFIG_SECURITY_PATH is not set
> # CONFIG_INTEL_TXT is not set
> CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
>
next prev parent reply other threads:[~2021-09-18 16:23 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-17 11:42 [PATCH 01/13] kernel: Change timer tick to 1000Hz Michael Tremer
2021-09-17 11:42 ` [PATCH 02/13] kernel: Disable suspending systems to RAM Michael Tremer
2021-09-18 16:09 ` Peter Müller
2021-09-17 11:42 ` [PATCH 03/13] kernel: Disable IRQ time accounting Michael Tremer
2021-09-18 16:10 ` Peter Müller
2021-09-17 11:42 ` [PATCH 04/13] kernel: Enable Pressure Stall Information Michael Tremer
2021-09-18 16:16 ` Peter Müller
2021-09-17 11:42 ` [PATCH 05/13] kernel: Disable SLUB debugging Michael Tremer
2021-09-18 16:27 ` Peter Müller
2021-09-21 9:42 ` Michael Tremer
2021-09-17 11:42 ` [PATCH 06/13] kernel: Disable any runtime testing Michael Tremer
2021-09-18 16:24 ` Peter Müller
2021-09-17 11:42 ` [PATCH 07/13] kernel: Disable OpenvSwitch Michael Tremer
2021-09-18 16:10 ` Peter Müller
2021-09-17 11:42 ` [PATCH 08/13] kernel: Disable network security hooks Michael Tremer
2021-09-18 16:23 ` Peter Müller [this message]
2021-09-17 11:42 ` [PATCH 09/13] kernel: Enable frontswap Michael Tremer
2021-09-18 16:20 ` Peter Müller
2021-09-17 11:42 ` [PATCH 10/13] kernel: Enable ExFAT on all architectures Michael Tremer
2021-09-18 16:10 ` Peter Müller
2021-09-20 13:48 ` Adolf Belka
2021-09-17 11:42 ` [PATCH 11/13] kernel: Enable support for TPM hardware Michael Tremer
2021-09-18 16:15 ` Peter Müller
2021-09-21 9:50 ` Michael Tremer
2021-09-21 11:40 ` Adolf Belka
2021-09-21 12:31 ` Adolf Belka
2021-10-01 17:25 ` Michael Tremer
2021-09-17 11:42 ` [PATCH 12/13] kernel: Zero-init all stack variables by default Michael Tremer
2021-09-18 16:11 ` Peter Müller
2021-09-21 9:50 ` Michael Tremer
2021-09-17 11:42 ` [PATCH 13/13] kernel: Enable all cgroups on all architectures Michael Tremer
2021-09-18 16:15 ` Peter Müller
2021-09-18 16:09 ` [PATCH 01/13] kernel: Change timer tick to 1000Hz Peter Müller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fb479331-74be-e166-2234-4db29265d425@ipfire.org \
--to=peter.mueller@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox