Partially fixes: #12431
Cc: Arne Fitzenreiter arne.fitzenreiter@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org --- config/kernel/kernel.config.aarch64-ipfire | 1 + config/kernel/kernel.config.armv5tel-ipfire-multi | 1 + config/kernel/kernel.config.i586-ipfire | 1 + config/kernel/kernel.config.x86_64-ipfire | 1 + 4 files changed, 4 insertions(+)
diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire index e0f2f6df8..5d51730f8 100644 --- a/config/kernel/kernel.config.aarch64-ipfire +++ b/config/kernel/kernel.config.aarch64-ipfire @@ -6563,6 +6563,7 @@ CONFIG_ASYNC_XOR=m CONFIG_ASYNC_PQ=m CONFIG_ASYNC_RAID6_RECOV=m CONFIG_CRYPTO=y +CONFIG_SECURITY_LOCKDOWN_LSM=y
# # Crypto core or helper diff --git a/config/kernel/kernel.config.armv5tel-ipfire-multi b/config/kernel/kernel.config.armv5tel-ipfire-multi index 15183300f..f5627ba31 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-multi +++ b/config/kernel/kernel.config.armv5tel-ipfire-multi @@ -7045,6 +7045,7 @@ CONFIG_ASYNC_XOR=m CONFIG_ASYNC_PQ=m CONFIG_ASYNC_RAID6_RECOV=m CONFIG_CRYPTO=y +CONFIG_SECURITY_LOCKDOWN_LSM=y
# # Crypto core or helper diff --git a/config/kernel/kernel.config.i586-ipfire b/config/kernel/kernel.config.i586-ipfire index 578931497..57b205ef3 100644 --- a/config/kernel/kernel.config.i586-ipfire +++ b/config/kernel/kernel.config.i586-ipfire @@ -6709,6 +6709,7 @@ CONFIG_ASYNC_XOR=m CONFIG_ASYNC_PQ=m CONFIG_ASYNC_RAID6_RECOV=m CONFIG_CRYPTO=y +CONFIG_SECURITY_LOCKDOWN_LSM=y
# # Crypto core or helper diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire index 6a5fbbfe9..840995bfe 100644 --- a/config/kernel/kernel.config.x86_64-ipfire +++ b/config/kernel/kernel.config.x86_64-ipfire @@ -6575,6 +6575,7 @@ CONFIG_ASYNC_XOR=m CONFIG_ASYNC_PQ=m CONFIG_ASYNC_RAID6_RECOV=m CONFIG_CRYPTO=y +CONFIG_SECURITY_LOCKDOWN_LSM=y
# # Crypto core or helper
Partially fixes: #12431
Cc: Arne Fitzenreiter arne.fitzenreiter@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org --- config/kernel/kernel.config.aarch64-ipfire | 1 + config/kernel/kernel.config.armv5tel-ipfire-multi | 1 + config/kernel/kernel.config.i586-ipfire | 1 + config/kernel/kernel.config.x86_64-ipfire | 1 + 4 files changed, 4 insertions(+)
diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire index 5d51730f8..2ac186ce2 100644 --- a/config/kernel/kernel.config.aarch64-ipfire +++ b/config/kernel/kernel.config.aarch64-ipfire @@ -6564,6 +6564,7 @@ CONFIG_ASYNC_PQ=m CONFIG_ASYNC_RAID6_RECOV=m CONFIG_CRYPTO=y CONFIG_SECURITY_LOCKDOWN_LSM=y +CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
# # Crypto core or helper diff --git a/config/kernel/kernel.config.armv5tel-ipfire-multi b/config/kernel/kernel.config.armv5tel-ipfire-multi index f5627ba31..4df099a3a 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-multi +++ b/config/kernel/kernel.config.armv5tel-ipfire-multi @@ -7046,6 +7046,7 @@ CONFIG_ASYNC_PQ=m CONFIG_ASYNC_RAID6_RECOV=m CONFIG_CRYPTO=y CONFIG_SECURITY_LOCKDOWN_LSM=y +CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
# # Crypto core or helper diff --git a/config/kernel/kernel.config.i586-ipfire b/config/kernel/kernel.config.i586-ipfire index 57b205ef3..43a61b4e5 100644 --- a/config/kernel/kernel.config.i586-ipfire +++ b/config/kernel/kernel.config.i586-ipfire @@ -6710,6 +6710,7 @@ CONFIG_ASYNC_PQ=m CONFIG_ASYNC_RAID6_RECOV=m CONFIG_CRYPTO=y CONFIG_SECURITY_LOCKDOWN_LSM=y +CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
# # Crypto core or helper diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire index 840995bfe..e4897226d 100644 --- a/config/kernel/kernel.config.x86_64-ipfire +++ b/config/kernel/kernel.config.x86_64-ipfire @@ -6576,6 +6576,7 @@ CONFIG_ASYNC_PQ=m CONFIG_ASYNC_RAID6_RECOV=m CONFIG_CRYPTO=y CONFIG_SECURITY_LOCKDOWN_LSM=y +CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
# # Crypto core or helper
Partially fixes: #12431
Cc: Arne Fitzenreiter arne.fitzenreiter@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org --- config/kernel/kernel.config.aarch64-ipfire | 1 + config/kernel/kernel.config.armv5tel-ipfire-multi | 1 + config/kernel/kernel.config.i586-ipfire | 1 + config/kernel/kernel.config.x86_64-ipfire | 1 + 4 files changed, 4 insertions(+)
diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire index 2ac186ce2..c8a907b43 100644 --- a/config/kernel/kernel.config.aarch64-ipfire +++ b/config/kernel/kernel.config.aarch64-ipfire @@ -6565,6 +6565,7 @@ CONFIG_ASYNC_RAID6_RECOV=m CONFIG_CRYPTO=y CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY=y
# # Crypto core or helper diff --git a/config/kernel/kernel.config.armv5tel-ipfire-multi b/config/kernel/kernel.config.armv5tel-ipfire-multi index 4df099a3a..b19e09287 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-multi +++ b/config/kernel/kernel.config.armv5tel-ipfire-multi @@ -7047,6 +7047,7 @@ CONFIG_ASYNC_RAID6_RECOV=m CONFIG_CRYPTO=y CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY=y
# # Crypto core or helper diff --git a/config/kernel/kernel.config.i586-ipfire b/config/kernel/kernel.config.i586-ipfire index 43a61b4e5..cb97445db 100644 --- a/config/kernel/kernel.config.i586-ipfire +++ b/config/kernel/kernel.config.i586-ipfire @@ -6711,6 +6711,7 @@ CONFIG_ASYNC_RAID6_RECOV=m CONFIG_CRYPTO=y CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY=y
# # Crypto core or helper diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire index e4897226d..01d637834 100644 --- a/config/kernel/kernel.config.x86_64-ipfire +++ b/config/kernel/kernel.config.x86_64-ipfire @@ -6577,6 +6577,7 @@ CONFIG_ASYNC_RAID6_RECOV=m CONFIG_CRYPTO=y CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY=y
# # Crypto core or helper
Again not supported with kernel 4.14! was added in 5.4
Arne
Am 2020-06-09 20:27, schrieb Peter Müller:
Partially fixes: #12431
Cc: Arne Fitzenreiter arne.fitzenreiter@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org
config/kernel/kernel.config.aarch64-ipfire | 1 + config/kernel/kernel.config.armv5tel-ipfire-multi | 1 + config/kernel/kernel.config.i586-ipfire | 1 + config/kernel/kernel.config.x86_64-ipfire | 1 + 4 files changed, 4 insertions(+)
diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire index e0f2f6df8..5d51730f8 100644 --- a/config/kernel/kernel.config.aarch64-ipfire +++ b/config/kernel/kernel.config.aarch64-ipfire @@ -6563,6 +6563,7 @@ CONFIG_ASYNC_XOR=m CONFIG_ASYNC_PQ=m CONFIG_ASYNC_RAID6_RECOV=m CONFIG_CRYPTO=y +CONFIG_SECURITY_LOCKDOWN_LSM=y
# # Crypto core or helper diff --git a/config/kernel/kernel.config.armv5tel-ipfire-multi b/config/kernel/kernel.config.armv5tel-ipfire-multi index 15183300f..f5627ba31 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-multi +++ b/config/kernel/kernel.config.armv5tel-ipfire-multi @@ -7045,6 +7045,7 @@ CONFIG_ASYNC_XOR=m CONFIG_ASYNC_PQ=m CONFIG_ASYNC_RAID6_RECOV=m CONFIG_CRYPTO=y +CONFIG_SECURITY_LOCKDOWN_LSM=y
# # Crypto core or helper diff --git a/config/kernel/kernel.config.i586-ipfire b/config/kernel/kernel.config.i586-ipfire index 578931497..57b205ef3 100644 --- a/config/kernel/kernel.config.i586-ipfire +++ b/config/kernel/kernel.config.i586-ipfire @@ -6709,6 +6709,7 @@ CONFIG_ASYNC_XOR=m CONFIG_ASYNC_PQ=m CONFIG_ASYNC_RAID6_RECOV=m CONFIG_CRYPTO=y +CONFIG_SECURITY_LOCKDOWN_LSM=y
# # Crypto core or helper diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire index 6a5fbbfe9..840995bfe 100644 --- a/config/kernel/kernel.config.x86_64-ipfire +++ b/config/kernel/kernel.config.x86_64-ipfire @@ -6575,6 +6575,7 @@ CONFIG_ASYNC_XOR=m CONFIG_ASYNC_PQ=m CONFIG_ASYNC_RAID6_RECOV=m CONFIG_CRYPTO=y +CONFIG_SECURITY_LOCKDOWN_LSM=y
# # Crypto core or helper
-
Arne Fitzenreiter -
Peter Müller