mirror of
https://abf.rosa.ru/djam/kernel-5.10.git
synced 2025-02-25 01:32:48 +00:00
Enabled INTEGRITY and IMA
This helps unify the kernels for the ordinary systems and for the certified systems a bit more.
This commit is contained in:
parent
61fcf120c7
commit
457c8e99e4
2 changed files with 34 additions and 4 deletions
|
@ -8084,7 +8084,22 @@ CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init"
|
||||||
CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"
|
CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"
|
||||||
# CONFIG_SECURITY_APPARMOR is not set
|
# CONFIG_SECURITY_APPARMOR is not set
|
||||||
# CONFIG_SECURITY_YAMA is not set
|
# CONFIG_SECURITY_YAMA is not set
|
||||||
# CONFIG_INTEGRITY is not set
|
CONFIG_INTEGRITY=y
|
||||||
|
# CONFIG_INTEGRITY_ASYMMETRIC_KEYS is not set
|
||||||
|
CONFIG_INTEGRITY_AUDIT=y
|
||||||
|
# CONFIG_INTEGRITY_SIGNATURE is not set
|
||||||
|
CONFIG_IMA=y
|
||||||
|
# CONFIG_IMA_TEMPLATE is not set
|
||||||
|
CONFIG_IMA_NG_TEMPLATE=y
|
||||||
|
# CONFIG_IMA_SIG_TEMPLATE is not set
|
||||||
|
CONFIG_IMA_DEFAULT_HASH_SHA1=y
|
||||||
|
# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
|
||||||
|
# CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
|
||||||
|
# CONFIG_IMA_DEFAULT_HASH_WP512 is not set
|
||||||
|
# CONFIG_EVM is not set
|
||||||
|
# CONFIG_IMA_APPRAISE is not set
|
||||||
|
# CONFIG_IMA_WRITE_POLICY is not set
|
||||||
|
# CONFIG_IMA_READ_POLICY is not set
|
||||||
CONFIG_DEFAULT_SECURITY_TOMOYO=y
|
CONFIG_DEFAULT_SECURITY_TOMOYO=y
|
||||||
# CONFIG_DEFAULT_SECURITY_DAC is not set
|
# CONFIG_DEFAULT_SECURITY_DAC is not set
|
||||||
CONFIG_DEFAULT_SECURITY="tomoyo"
|
CONFIG_DEFAULT_SECURITY="tomoyo"
|
||||||
|
@ -8268,7 +8283,7 @@ CONFIG_VIRTUALIZATION=y
|
||||||
CONFIG_KVM=m
|
CONFIG_KVM=m
|
||||||
CONFIG_KVM_INTEL=m
|
CONFIG_KVM_INTEL=m
|
||||||
CONFIG_KVM_AMD=m
|
CONFIG_KVM_AMD=m
|
||||||
# CONFIG_KVM_MMU_AUDIT is not set
|
CONFIG_KVM_MMU_AUDIT=y
|
||||||
CONFIG_KVM_DEVICE_ASSIGNMENT=y
|
CONFIG_KVM_DEVICE_ASSIGNMENT=y
|
||||||
CONFIG_LGUEST=m
|
CONFIG_LGUEST=m
|
||||||
CONFIG_BINARY_PRINTF=y
|
CONFIG_BINARY_PRINTF=y
|
||||||
|
|
|
@ -7884,7 +7884,22 @@ CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init"
|
||||||
CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"
|
CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"
|
||||||
# CONFIG_SECURITY_APPARMOR is not set
|
# CONFIG_SECURITY_APPARMOR is not set
|
||||||
# CONFIG_SECURITY_YAMA is not set
|
# CONFIG_SECURITY_YAMA is not set
|
||||||
# CONFIG_INTEGRITY is not set
|
CONFIG_INTEGRITY=y
|
||||||
|
# CONFIG_INTEGRITY_ASYMMETRIC_KEYS is not set
|
||||||
|
CONFIG_INTEGRITY_AUDIT=y
|
||||||
|
# CONFIG_INTEGRITY_SIGNATURE is not set
|
||||||
|
CONFIG_IMA=y
|
||||||
|
# CONFIG_IMA_TEMPLATE is not set
|
||||||
|
CONFIG_IMA_NG_TEMPLATE=y
|
||||||
|
# CONFIG_IMA_SIG_TEMPLATE is not set
|
||||||
|
CONFIG_IMA_DEFAULT_HASH_SHA1=y
|
||||||
|
# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
|
||||||
|
# CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
|
||||||
|
# CONFIG_IMA_DEFAULT_HASH_WP512 is not set
|
||||||
|
# CONFIG_EVM is not set
|
||||||
|
# CONFIG_IMA_APPRAISE is not set
|
||||||
|
# CONFIG_IMA_WRITE_POLICY is not set
|
||||||
|
# CONFIG_IMA_READ_POLICY is not set
|
||||||
CONFIG_DEFAULT_SECURITY_TOMOYO=y
|
CONFIG_DEFAULT_SECURITY_TOMOYO=y
|
||||||
# CONFIG_DEFAULT_SECURITY_DAC is not set
|
# CONFIG_DEFAULT_SECURITY_DAC is not set
|
||||||
CONFIG_DEFAULT_SECURITY="tomoyo"
|
CONFIG_DEFAULT_SECURITY="tomoyo"
|
||||||
|
@ -8087,7 +8102,7 @@ CONFIG_VIRTUALIZATION=y
|
||||||
CONFIG_KVM=m
|
CONFIG_KVM=m
|
||||||
CONFIG_KVM_INTEL=m
|
CONFIG_KVM_INTEL=m
|
||||||
CONFIG_KVM_AMD=m
|
CONFIG_KVM_AMD=m
|
||||||
# CONFIG_KVM_MMU_AUDIT is not set
|
CONFIG_KVM_MMU_AUDIT=y
|
||||||
CONFIG_KVM_DEVICE_ASSIGNMENT=y
|
CONFIG_KVM_DEVICE_ASSIGNMENT=y
|
||||||
CONFIG_BINARY_PRINTF=y
|
CONFIG_BINARY_PRINTF=y
|
||||||
|
|
||||||
|
|
Loading…
Add table
Reference in a new issue