diff options
| author | Josh Boyer <jwboyer@fedoraproject.org> | 2015-03-02 10:14:15 -0500 |
|---|---|---|
| committer | Josh Boyer <jwboyer@fedoraproject.org> | 2015-03-02 10:16:47 -0500 |
| commit | ebce054077d69a2ad55196985c64708a0601bbce (patch) | |
| tree | 7c1b8f68213f26cf1e596beabc7b8d36b177690d | |
| parent | e6b799b67d2dc6cc1491f78a1a89decfcaaf656b (diff) | |
| download | kernel-ebce054077d69a2ad55196985c64708a0601bbce.tar.gz kernel-ebce054077d69a2ad55196985c64708a0601bbce.tar.xz kernel-ebce054077d69a2ad55196985c64708a0601bbce.zip | |
Enable YAMA (rhbz 1196825)
| -rw-r--r-- | config-generic | 3 | ||||
| -rw-r--r-- | kernel.spec | 9 | ||||
| -rw-r--r-- | security-yama-Remove-unnecessary-selects-from-Kconfi.patch | 28 |
3 files changed, 39 insertions, 1 deletions
diff --git a/config-generic b/config-generic index 275aa230e..c02128580 100644 --- a/config-generic +++ b/config-generic @@ -4546,7 +4546,8 @@ CONFIG_SECURITY_SELINUX_AVC_STATS=y # CONFIG_SECURITY_SMACK is not set # CONFIG_SECURITY_TOMOYO is not set # CONFIG_SECURITY_APPARMOR is not set -# CONFIG_SECURITY_YAMA is not set +CONFIG_SECURITY_YAMA=y +CONFIG_SECURITY_YAMA_STACKED=y CONFIG_AUDIT=y CONFIG_AUDITSYSCALL=y # http://lists.fedoraproject.org/pipermail/kernel/2013-February/004125.html diff --git a/kernel.spec b/kernel.spec index 4fc47f2cc..e2d82dc2c 100644 --- a/kernel.spec +++ b/kernel.spec @@ -623,6 +623,9 @@ Patch26138: ext4-Allocate-entire-range-in-zero-range.patch #rhbz 1190947 Patch26139: Bluetooth-ath3k-Add-support-Atheros-AR5B195-combo-Mi.patch +#rhbz 1196825 +Patch26140: security-yama-Remove-unnecessary-selects-from-Kconfi.patch + # git clone ssh://git.fedorahosted.org/git/kernel-arm64.git, git diff master...devel Patch30000: kernel-arm64.patch Patch30001: kernel-arm64-fix-psci-when-pg.patch @@ -1355,6 +1358,9 @@ ApplyPatch ext4-Allocate-entire-range-in-zero-range.patch #rhbz 1190947 ApplyPatch Bluetooth-ath3k-Add-support-Atheros-AR5B195-combo-Mi.patch +#rhbz 1196825 +ApplyPatch security-yama-Remove-unnecessary-selects-from-Kconfi.patch + %if 0%{?aarch64patches} ApplyPatch kernel-arm64.patch %ifnarch aarch64 # this is stupid, but i want to notice before secondary koji does. @@ -2215,6 +2221,9 @@ fi # # %changelog +* Mon Mar 02 2015 Josh Boyer <jwboyer@fedoraproject.org> +- Enable YAMA (rhbz 1196825) + * Sat Feb 28 2015 Peter Robinson <pbrobinson@fedoraproject.org> - ARMv7 OMAP updates, fix panda boot diff --git a/security-yama-Remove-unnecessary-selects-from-Kconfi.patch b/security-yama-Remove-unnecessary-selects-from-Kconfi.patch new file mode 100644 index 000000000..aa2a0d3c2 --- /dev/null +++ b/security-yama-Remove-unnecessary-selects-from-Kconfi.patch @@ -0,0 +1,28 @@ +From: Stephen Smalley <sds@tycho.nsa.gov> +Date: Fri, 27 Feb 2015 16:23:59 -0500 +Subject: [PATCH] security/yama: Remove unnecessary selects from Kconfig. + +Yama selects SECURITYFS and SECURITY_PATH, but requires neither. +Remove them. + +Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> +--- + security/yama/Kconfig | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/security/yama/Kconfig b/security/yama/Kconfig +index 20ef5143c0c0..3123e1da2fed 100644 +--- a/security/yama/Kconfig ++++ b/security/yama/Kconfig +@@ -1,8 +1,6 @@ + config SECURITY_YAMA + bool "Yama support" + depends on SECURITY +- select SECURITYFS +- select SECURITY_PATH + default n + help + This selects Yama, which extends DAC support with additional +-- +2.1.0 + |