[arch-commits] Commit in linux/trunk (PKGBUILD config)

Jan Steffens heftig at archlinux.org
Mon Sep 3 19:15:27 UTC 2018 

    Date: Monday, September 3, 2018 @ 19:15:26
  Author: heftig
Revision: 333232

Revert "Enable TXT, SELinux and AppArmor"

All of these require significant userspace support. SELinux in
particular requires linking against its library in numerous places,
including coreutils. This makes making them available in the kernel of
dubious value. Still, AppArmor and SELinux are available in
linux-hardened for those who want it.

This reverts commit 8215d0422d37317bd154497a2240ebbdd14c131d.

Modified:
  linux/trunk/PKGBUILD
  linux/trunk/config

----------+
 PKGBUILD |    2 +-
 config   |   19 +++----------------
 2 files changed, 4 insertions(+), 17 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2018-09-03 18:44:47 UTC (rev 333231)
+++ PKGBUILD	2018-09-03 19:15:26 UTC (rev 333232)
@@ -27,7 +27,7 @@
   '8218F88849AAC522E94CF470A5E9288C4FA415FA'  # Jan Alexander Steffens (heftig)
 )
 sha256sums=('SKIP'
-            'd2e706aeae315a6837991e8653e873c3ed6ff1aef25a28b2442119fef7f27fe2'
+            '303aa10fe7596346a8c3f5ffe46f7528711c182d6576a47ec5d25d5dcce7b435'
             'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21'
             '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919'
             'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65')

Modified: config
===================================================================
--- config	2018-09-03 18:44:47 UTC (rev 333231)
+++ config	2018-09-03 19:15:26 UTC (rev 333232)
@@ -9255,8 +9255,7 @@
 CONFIG_SECURITY_INFINIBAND=y
 CONFIG_SECURITY_NETWORK_XFRM=y
 CONFIG_SECURITY_PATH=y
-CONFIG_INTEL_TXT=y
-CONFIG_LSM_MMAP_MIN_ADDR=65536
+# CONFIG_INTEL_TXT is not set
 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
 CONFIG_HARDENED_USERCOPY=y
 CONFIG_HARDENED_USERCOPY_FALLBACK=y
@@ -9263,25 +9262,13 @@
 # CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
 CONFIG_FORTIFY_SOURCE=y
 # CONFIG_STATIC_USERMODEHELPER is not set
-CONFIG_SECURITY_SELINUX=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
-# CONFIG_SECURITY_SELINUX_DISABLE is not set
-CONFIG_SECURITY_SELINUX_DEVELOP=y
-CONFIG_SECURITY_SELINUX_AVC_STATS=y
-CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
+# CONFIG_SECURITY_SELINUX is not set
 # CONFIG_SECURITY_SMACK is not set
 # CONFIG_SECURITY_TOMOYO is not set
-CONFIG_SECURITY_APPARMOR=y
-CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0
-CONFIG_SECURITY_APPARMOR_HASH=y
-CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
-# CONFIG_SECURITY_APPARMOR_DEBUG is not set
+# CONFIG_SECURITY_APPARMOR is not set
 # CONFIG_SECURITY_LOADPIN is not set
 CONFIG_SECURITY_YAMA=y
 # CONFIG_INTEGRITY is not set
-# CONFIG_DEFAULT_SECURITY_SELINUX is not set
-# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
 CONFIG_DEFAULT_SECURITY=""
 CONFIG_XOR_BLOCKS=m

More information about the arch-commits mailing list