[arch-commits] Commit in linux-hardened/trunk (PKGBUILD config.x86_64)
Daniel Micay
thestinger at archlinux.org
Sun May 7 17:21:14 UTC 2017
Date: Sunday, May 7, 2017 @ 17:21:13
Author: thestinger
Revision: 227290
upgpkg: linux-hardened 4.11.c-2
Modified:
linux-hardened/trunk/PKGBUILD
linux-hardened/trunk/config.x86_64
---------------+
PKGBUILD | 4 ++--
config.x86_64 | 23 ++++++++++++++++++++---
2 files changed, 22 insertions(+), 5 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2017-05-07 17:18:06 UTC (rev 227289)
+++ PKGBUILD 2017-05-07 17:21:13 UTC (rev 227290)
@@ -7,7 +7,7 @@
_srcname=linux-4.11
_pkgver=4.11
pkgver=$_pkgver.c
-pkgrel=1
+pkgrel=2
arch=('x86_64')
url="https://github.com/thestinger/linux-hardened"
license=('GPL2')
@@ -30,7 +30,7 @@
'SKIP'
'602e0ede11096cd62ff209164482619cfbaf7f27d158d8b9c48965c0442310e1'
'SKIP'
- 'bce07be0fa0240a69532121f03597d945eac818b425316fb59033d34b4ad876d'
+ '2363e6be46a01e71d860adcf0a3cfae50e7adb54ffd9b38b05e9e394329cc8b6'
'834bd254b56ab71d73f59b3221f056c72f559553c04718e350ab2a3e2991afe0'
'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65')
validpgpkeys=(
Modified: config.x86_64
===================================================================
--- config.x86_64 2017-05-07 17:18:06 UTC (rev 227289)
+++ config.x86_64 2017-05-07 17:21:13 UTC (rev 227290)
@@ -76,8 +76,11 @@
CONFIG_CROSS_MEMORY_ATTACH=y
CONFIG_FHANDLE=y
# CONFIG_USELIB is not set
-# CONFIG_AUDIT is not set
+CONFIG_AUDIT=y
CONFIG_HAVE_ARCH_AUDITSYSCALL=y
+CONFIG_AUDITSYSCALL=y
+CONFIG_AUDIT_WATCH=y
+CONFIG_AUDIT_TREE=y
#
# IRQ subsystem
@@ -628,7 +631,9 @@
# CONFIG_LEGACY_VSYSCALL_NATIVE is not set
# CONFIG_LEGACY_VSYSCALL_EMULATE is not set
CONFIG_LEGACY_VSYSCALL_NONE=y
-# CONFIG_CMDLINE_BOOL is not set
+CONFIG_CMDLINE_BOOL=y
+CONFIG_CMDLINE="audit=0"
+# CONFIG_CMDLINE_OVERRIDE is not set
# CONFIG_MODIFY_LDT_SYSCALL is not set
CONFIG_HAVE_LIVEPATCH=y
CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
@@ -1071,6 +1076,7 @@
#
# Xtables targets
#
+CONFIG_NETFILTER_XT_TARGET_AUDIT=m
CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
@@ -7803,9 +7809,11 @@
CONFIG_SECURITY_PERF_EVENTS_RESTRICT=y
CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
-# CONFIG_SECURITY_NETWORK is not set
+CONFIG_SECURITY_NETWORK=y
+CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_PATH=y
# CONFIG_INTEL_TXT is not set
+CONFIG_LSM_MMAP_MIN_ADDR=65536
CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
CONFIG_HAVE_ARCH_HARDENED_USERCOPY=y
CONFIG_HARDENED_USERCOPY=y
@@ -7813,6 +7821,13 @@
CONFIG_SANITIZE_PAGE=y
CONFIG_SANITIZE_PAGE_VERIFY=y
# CONFIG_STATIC_USERMODEHELPER is not set
+CONFIG_SECURITY_SELINUX=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
+# CONFIG_SECURITY_SELINUX_DISABLE is not set
+CONFIG_SECURITY_SELINUX_DEVELOP=y
+CONFIG_SECURITY_SELINUX_AVC_STATS=y
+CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
# CONFIG_SECURITY_SMACK is not set
# CONFIG_SECURITY_TOMOYO is not set
# CONFIG_SECURITY_APPARMOR is not set
@@ -7820,8 +7835,10 @@
CONFIG_SECURITY_YAMA=y
CONFIG_INTEGRITY=y
# CONFIG_INTEGRITY_SIGNATURE is not set
+CONFIG_INTEGRITY_AUDIT=y
# CONFIG_IMA is not set
# CONFIG_EVM is not set
+# CONFIG_DEFAULT_SECURITY_SELINUX is not set
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_DEFAULT_SECURITY=""
CONFIG_XOR_BLOCKS=m
More information about the arch-commits
mailing list