Skip to content

Commit 6f477e1

Browse files
pelwellpelwell
committed
configs: Include AppArmor support
AppArmor security has been a long-requested feature. This commit adds the config settings necessary to allow it to be enabled at boot time using the kernel command line (cmdline.txt) - just include: lsm="apparmor" The commit also includes a few settings to give better control over processes or containers. See: #1698 Signed-off-by: Jean-Christophe Berthon <[email protected]> Signed-off-by: Phil Elwell <[email protected]>
1 parent 0dc2aa5 commit 6f477e1

File tree

5 files changed

+32
-3
lines changed

5 files changed

+32
-3
lines changed

arch/arm/configs/bcm2709_defconfig

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,11 +16,13 @@ CONFIG_IKCONFIG=m
1616
CONFIG_IKCONFIG_PROC=y
1717
CONFIG_MEMCG=y
1818
CONFIG_BLK_CGROUP=y
19+
CONFIG_CFS_BANDWIDTH=y
1920
CONFIG_CGROUP_PIDS=y
2021
CONFIG_CGROUP_FREEZER=y
2122
CONFIG_CPUSETS=y
2223
CONFIG_CGROUP_DEVICE=y
2324
CONFIG_CGROUP_CPUACCT=y
25+
CONFIG_CGROUP_PERF=y
2426
CONFIG_CGROUP_BPF=y
2527
CONFIG_NAMESPACES=y
2628
CONFIG_USER_NS=y
@@ -393,6 +395,7 @@ CONFIG_NET_ACT_SKBEDIT=m
393395
CONFIG_NET_ACT_CSUM=m
394396
CONFIG_BATMAN_ADV=m
395397
CONFIG_OPENVSWITCH=m
398+
CONFIG_CGROUP_NET_PRIO=y
396399
CONFIG_NET_PKTGEN=m
397400
CONFIG_HAMRADIO=y
398401
CONFIG_AX25=m
@@ -1436,7 +1439,9 @@ CONFIG_NLS_ISO8859_15=m
14361439
CONFIG_NLS_KOI8_R=m
14371440
CONFIG_NLS_KOI8_U=m
14381441
CONFIG_DLM=m
1439-
# CONFIG_SECURITYFS is not set
1442+
CONFIG_SECURITY=y
1443+
CONFIG_SECURITY_APPARMOR=y
1444+
CONFIG_LSM=""
14401445
CONFIG_CRYPTO_USER=m
14411446
CONFIG_CRYPTO_XCBC=m
14421447
CONFIG_CRYPTO_TGR192=m

arch/arm/configs/bcm2711_defconfig

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,11 +16,13 @@ CONFIG_IKCONFIG=m
1616
CONFIG_IKCONFIG_PROC=y
1717
CONFIG_MEMCG=y
1818
CONFIG_BLK_CGROUP=y
19+
CONFIG_CFS_BANDWIDTH=y
1920
CONFIG_CGROUP_PIDS=y
2021
CONFIG_CGROUP_FREEZER=y
2122
CONFIG_CPUSETS=y
2223
CONFIG_CGROUP_DEVICE=y
2324
CONFIG_CGROUP_CPUACCT=y
25+
CONFIG_CGROUP_PERF=y
2426
CONFIG_CGROUP_BPF=y
2527
CONFIG_NAMESPACES=y
2628
CONFIG_USER_NS=y
@@ -394,6 +396,7 @@ CONFIG_NET_ACT_SKBEDIT=m
394396
CONFIG_NET_ACT_CSUM=m
395397
CONFIG_BATMAN_ADV=m
396398
CONFIG_OPENVSWITCH=m
399+
CONFIG_CGROUP_NET_PRIO=y
397400
CONFIG_NET_PKTGEN=m
398401
CONFIG_HAMRADIO=y
399402
CONFIG_AX25=m
@@ -1472,6 +1475,9 @@ CONFIG_NLS_ISO8859_15=m
14721475
CONFIG_NLS_KOI8_R=m
14731476
CONFIG_NLS_KOI8_U=m
14741477
CONFIG_DLM=m
1478+
CONFIG_SECURITY=y
1479+
CONFIG_SECURITY_APPARMOR=y
1480+
CONFIG_LSM=""
14751481
CONFIG_CRYPTO_USER=m
14761482
CONFIG_CRYPTO_XCBC=m
14771483
CONFIG_CRYPTO_TGR192=m

arch/arm/configs/bcmrpi_defconfig

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,9 +15,12 @@ CONFIG_IKCONFIG=m
1515
CONFIG_IKCONFIG_PROC=y
1616
CONFIG_MEMCG=y
1717
CONFIG_BLK_CGROUP=y
18+
CONFIG_CFS_BANDWIDTH=y
19+
CONFIG_CGROUP_PIDS=y
1820
CONFIG_CGROUP_FREEZER=y
1921
CONFIG_CGROUP_DEVICE=y
2022
CONFIG_CGROUP_CPUACCT=y
23+
CONFIG_CGROUP_PERF=y
2124
CONFIG_CGROUP_BPF=y
2225
CONFIG_NAMESPACES=y
2326
CONFIG_USER_NS=y
@@ -386,6 +389,7 @@ CONFIG_NET_ACT_SKBEDIT=m
386389
CONFIG_NET_ACT_CSUM=m
387390
CONFIG_BATMAN_ADV=m
388391
CONFIG_OPENVSWITCH=m
392+
CONFIG_CGROUP_NET_PRIO=y
389393
CONFIG_NET_PKTGEN=m
390394
CONFIG_HAMRADIO=y
391395
CONFIG_AX25=m
@@ -1444,7 +1448,9 @@ CONFIG_NLS_ISO8859_15=m
14441448
CONFIG_NLS_KOI8_R=m
14451449
CONFIG_NLS_KOI8_U=m
14461450
CONFIG_DLM=m
1447-
# CONFIG_SECURITYFS is not set
1451+
CONFIG_SECURITY=y
1452+
CONFIG_SECURITY_APPARMOR=y
1453+
CONFIG_LSM=""
14481454
CONFIG_CRYPTO_USER=m
14491455
CONFIG_CRYPTO_CRYPTD=m
14501456
CONFIG_CRYPTO_CBC=y

arch/arm64/configs/bcm2711_defconfig

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,11 +14,13 @@ CONFIG_IKCONFIG=m
1414
CONFIG_IKCONFIG_PROC=y
1515
CONFIG_MEMCG=y
1616
CONFIG_BLK_CGROUP=y
17+
CONFIG_CFS_BANDWIDTH=y
1718
CONFIG_CGROUP_PIDS=y
1819
CONFIG_CGROUP_FREEZER=y
1920
CONFIG_CPUSETS=y
2021
CONFIG_CGROUP_DEVICE=y
2122
CONFIG_CGROUP_CPUACCT=y
23+
CONFIG_CGROUP_PERF=y
2224
CONFIG_CGROUP_BPF=y
2325
CONFIG_NAMESPACES=y
2426
CONFIG_USER_NS=y
@@ -388,6 +390,7 @@ CONFIG_NET_ACT_SKBEDIT=m
388390
CONFIG_NET_ACT_CSUM=m
389391
CONFIG_BATMAN_ADV=m
390392
CONFIG_OPENVSWITCH=m
393+
CONFIG_CGROUP_NET_PRIO=y
391394
CONFIG_NET_PKTGEN=m
392395
CONFIG_HAMRADIO=y
393396
CONFIG_AX25=m
@@ -1462,6 +1465,9 @@ CONFIG_NLS_ISO8859_15=m
14621465
CONFIG_NLS_KOI8_R=m
14631466
CONFIG_NLS_KOI8_U=m
14641467
CONFIG_DLM=m
1468+
CONFIG_SECURITY=y
1469+
CONFIG_SECURITY_APPARMOR=y
1470+
CONFIG_LSM=""
14651471
CONFIG_CRYPTO_USER=m
14661472
CONFIG_CRYPTO_XCBC=m
14671473
CONFIG_CRYPTO_TGR192=m

arch/arm64/configs/bcmrpi3_defconfig

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,10 +15,13 @@ CONFIG_IKCONFIG=m
1515
CONFIG_IKCONFIG_PROC=y
1616
CONFIG_MEMCG=y
1717
CONFIG_BLK_CGROUP=y
18+
CONFIG_CFS_BANDWIDTH=y
19+
CONFIG_CGROUP_PIDS=y
1820
CONFIG_CGROUP_FREEZER=y
1921
CONFIG_CPUSETS=y
2022
CONFIG_CGROUP_DEVICE=y
2123
CONFIG_CGROUP_CPUACCT=y
24+
CONFIG_CGROUP_PERF=y
2225
CONFIG_CGROUP_BPF=y
2326
CONFIG_NAMESPACES=y
2427
CONFIG_USER_NS=y
@@ -383,6 +386,7 @@ CONFIG_NET_ACT_SKBEDIT=m
383386
CONFIG_NET_ACT_CSUM=m
384387
CONFIG_BATMAN_ADV=m
385388
CONFIG_OPENVSWITCH=m
389+
CONFIG_CGROUP_NET_PRIO=y
386390
CONFIG_NET_PKTGEN=m
387391
CONFIG_HAMRADIO=y
388392
CONFIG_AX25=m
@@ -1312,7 +1316,9 @@ CONFIG_NLS_ISO8859_15=m
13121316
CONFIG_NLS_KOI8_R=m
13131317
CONFIG_NLS_KOI8_U=m
13141318
CONFIG_DLM=m
1315-
# CONFIG_SECURITYFS is not set
1319+
CONFIG_SECURITY=y
1320+
CONFIG_SECURITY_APPARMOR=y
1321+
CONFIG_LSM=""
13161322
CONFIG_CRYPTO_USER=m
13171323
CONFIG_CRYPTO_XCBC=m
13181324
CONFIG_CRYPTO_TGR192=m

0 commit comments

Comments
 (0)