Djam/kernel-5.10
1
0
Fork 0
mirror of https://abf.rosa.ru/djam/kernel-5.10.git synced 2025-02-25 01:32:48 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix kernel opts for booting in enforcing selinux mode

Browse source 
1f5dcdbf22

eshatokhin@: CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE is not used since
mainline commit be6ec88f41ba "selinux: Remove SECURITY_SELINUX_BOOTPARAM_VALUE",
so it is not set here.
This commit is contained in:
Mikhail Novosyolov 2019-10-07 01:35:53 +03:00 committed by Evgenii Shatokhin
parent 7a64052e96
commit d43e01981e
1 changed files with 8 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
kernel.spec
View file

@ -706,10 +706,15 @@ sed -i 's/CONFIG_STACKPROTECTOR_STRONG=y/# CONFIG_STACKPROTECTOR_STRONG is not s
sed -i 's/# CONFIG_DEBUG_INFO is not set/CONFIG_DEBUG_INFO=y\nCONFIG_DEBUG_INFO_DWARF4=y\nCONFIG_GDB_SCRIPTS=y/' .config sed -i 's/# CONFIG_DEBUG_INFO is not set/CONFIG_DEBUG_INFO=y\nCONFIG_DEBUG_INFO_DWARF4=y\nCONFIG_GDB_SCRIPTS=y/' .config
%endif %endif
# Enable hardening features if requested.
%if %{enhanced_security} %if %{enhanced_security}
sed -i 's/# CONFIG_PAX_MEMORY_SANITIZE is not set/CONFIG_PAX_MEMORY_SANITIZE=y/' .config # seems to be needed to boot system in enforcing selinux mode
sed -i 's/# CONFIG_PAGE_POISONING is not set/CONFIG_PAGE_POISONING=y\nCONFIG_PAGE_POISONING_NO_SANITY=y/' .config # note: cpio fpormat of initramfs does not support xattrs without patches
# see also: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680315
sed -i '/CONFIG_SECURITY_SELINUX_DISABLE/d' .config
echo CONFIG_SECURITY_SELINUX_DISABLE=y >> .config
# enable selinux in kernel by default if not disabled explicitly
sed -i '/CONFIG_SECURITY_SELINUX_BOOTPARAM/d' .config
echo CONFIG_SECURITY_SELINUX_BOOTPARAM=y >> .config
%endif %endif
# Store the config file in the appropriate directory. # Store the config file in the appropriate directory.