From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH 08/13] kernel: Disable network security hooks
Date: Sat, 18 Sep 2021 16:23:16 +0000
Message-ID: <fb479331-74be-e166-2234-4db29265d425@ipfire.org>
In-Reply-To: <20210917114229.10704-8-michael.tremer@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============7616869010312188803=="
List-Id: <development.lists.ipfire.org>

--===============7616869010312188803==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Acked-by: Peter M=C3=BCller <peter.mueller(a)ipfire.org>

> This is a feature we do not use and it should therefore be disabled
>=20
> Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
> ---
>   config/kernel/kernel.config.aarch64-ipfire | 3 +--
>   config/kernel/kernel.config.armv6l-ipfire  | 3 +--
>   config/kernel/kernel.config.i586-ipfire    | 3 +--
>   config/kernel/kernel.config.x86_64-ipfire  | 3 +--
>   4 files changed, 4 insertions(+), 8 deletions(-)
>=20
> diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/ker=
nel.config.aarch64-ipfire
> index dbd730e80..15f8cfc6b 100644
> --- a/config/kernel/kernel.config.aarch64-ipfire
> +++ b/config/kernel/kernel.config.aarch64-ipfire
> @@ -7274,8 +7274,7 @@ CONFIG_KEYS=3Dy
>   CONFIG_SECURITY_DMESG_RESTRICT=3Dy
>   CONFIG_SECURITY=3Dy
>   CONFIG_SECURITYFS=3Dy
> -CONFIG_SECURITY_NETWORK=3Dy
> -CONFIG_SECURITY_NETWORK_XFRM=3Dy
> +# CONFIG_SECURITY_NETWORK is not set
>   # CONFIG_SECURITY_PATH is not set
>   CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=3Dy
>   CONFIG_HARDENED_USERCOPY=3Dy
> diff --git a/config/kernel/kernel.config.armv6l-ipfire b/config/kernel/kern=
el.config.armv6l-ipfire
> index 93856d185..fc309c9b3 100644
> --- a/config/kernel/kernel.config.armv6l-ipfire
> +++ b/config/kernel/kernel.config.armv6l-ipfire
> @@ -7369,8 +7369,7 @@ CONFIG_KEYS=3Dy
>   CONFIG_SECURITY_DMESG_RESTRICT=3Dy
>   CONFIG_SECURITY=3Dy
>   CONFIG_SECURITYFS=3Dy
> -CONFIG_SECURITY_NETWORK=3Dy
> -CONFIG_SECURITY_NETWORK_XFRM=3Dy
> +# CONFIG_SECURITY_NETWORK is not set
>   # CONFIG_SECURITY_PATH is not set
>   CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=3Dy
>   CONFIG_HARDENED_USERCOPY=3Dy
> diff --git a/config/kernel/kernel.config.i586-ipfire b/config/kernel/kernel=
.config.i586-ipfire
> index 8c99e3a60..08df3d656 100644
> --- a/config/kernel/kernel.config.i586-ipfire
> +++ b/config/kernel/kernel.config.i586-ipfire
> @@ -6912,8 +6912,7 @@ CONFIG_ENCRYPTED_KEYS=3Dy
>   CONFIG_SECURITY_DMESG_RESTRICT=3Dy
>   CONFIG_SECURITY=3Dy
>   # CONFIG_SECURITYFS is not set
> -CONFIG_SECURITY_NETWORK=3Dy
> -# CONFIG_SECURITY_NETWORK_XFRM is not set
> +# CONFIG_SECURITY_NETWORK is not set
>   # CONFIG_SECURITY_PATH is not set
>   # CONFIG_INTEL_TXT is not set
>   CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=3Dy
> diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kern=
el.config.x86_64-ipfire
> index f5c1fce9f..5f8711ac4 100644
> --- a/config/kernel/kernel.config.x86_64-ipfire
> +++ b/config/kernel/kernel.config.x86_64-ipfire
> @@ -6749,9 +6749,8 @@ CONFIG_KEYS=3Dy
>   CONFIG_SECURITY_DMESG_RESTRICT=3Dy
>   CONFIG_SECURITY=3Dy
>   CONFIG_SECURITYFS=3Dy
> -CONFIG_SECURITY_NETWORK=3Dy
> +# CONFIG_SECURITY_NETWORK is not set
>   CONFIG_PAGE_TABLE_ISOLATION=3Dy
> -# CONFIG_SECURITY_NETWORK_XFRM is not set
>   # CONFIG_SECURITY_PATH is not set
>   # CONFIG_INTEL_TXT is not set
>   CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=3Dy
>=20

--===============7616869010312188803==--