summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJustin M. Forbes <jforbes@fedoraproject.org>2021-03-25 11:39:54 -0500
committerJustin M. Forbes <jforbes@fedoraproject.org>2021-03-25 11:39:54 -0500
commit07405db22538d9e0d69ff13cdcf984aa2c1f6262 (patch)
treeb90287c0462f7582d67af797e6a2e1939e204b2d
parenta862662ed8c6219d4ff147cd99bd488ecf2f8cbf (diff)
downloadkernel-07405db22538d9e0d69ff13cdcf984aa2c1f6262.tar.gz
kernel-07405db22538d9e0d69ff13cdcf984aa2c1f6262.tar.xz
kernel-07405db22538d9e0d69ff13cdcf984aa2c1f6262.zip
kernel-5.12.0-0.rc4.20210325gite138138003eb.177
* Thu Mar 25 2021 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.12.0-0.rc4.20210325gite138138003eb.177] - New configs in arch/powerpc (Fedora Kernel Team) - configs: enable BPF LSM on Fedora and ARK (Ondrej Mosnacek) - configs: clean up LSM configs (Ondrej Mosnacek) Resolves: rhbz# Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
-rw-r--r--Makefile.rhelver2
-rw-r--r--kernel-aarch64-debug-fedora.config4
-rw-r--r--kernel-aarch64-debug-rhel.config16
-rw-r--r--kernel-aarch64-fedora.config4
-rw-r--r--kernel-aarch64-rhel.config16
-rw-r--r--kernel-armv7hl-debug-fedora.config3
-rw-r--r--kernel-armv7hl-fedora.config3
-rw-r--r--kernel-armv7hl-lpae-debug-fedora.config3
-rw-r--r--kernel-armv7hl-lpae-fedora.config3
-rw-r--r--kernel-i686-debug-fedora.config7
-rw-r--r--kernel-i686-fedora.config7
-rw-r--r--kernel-ppc64le-debug-fedora.config5
-rw-r--r--kernel-ppc64le-debug-rhel.config19
-rw-r--r--kernel-ppc64le-fedora.config5
-rw-r--r--kernel-ppc64le-rhel.config19
-rw-r--r--kernel-s390x-debug-fedora.config5
-rw-r--r--kernel-s390x-debug-rhel.config17
-rw-r--r--kernel-s390x-fedora.config5
-rw-r--r--kernel-s390x-rhel.config17
-rw-r--r--kernel-s390x-zfcpdump-rhel.config17
-rw-r--r--kernel-x86_64-debug-fedora.config5
-rw-r--r--kernel-x86_64-debug-rhel.config14
-rw-r--r--kernel-x86_64-fedora.config5
-rw-r--r--kernel-x86_64-rhel.config14
-rwxr-xr-xkernel.spec17
-rw-r--r--patch-5.12.0-redhat.patch4
-rw-r--r--sources6
27 files changed, 115 insertions, 127 deletions
diff --git a/Makefile.rhelver b/Makefile.rhelver
index 8dfb22e9e..c37623596 100644
--- a/Makefile.rhelver
+++ b/Makefile.rhelver
@@ -12,7 +12,7 @@ RHEL_MINOR = 99
#
# Use this spot to avoid future merge conflicts.
# Do not trim this comment.
-RHEL_RELEASE = 176
+RHEL_RELEASE = 177
#
# Early y+1 numbering
diff --git a/kernel-aarch64-debug-fedora.config b/kernel-aarch64-debug-fedora.config
index 5e555106b..07c0244c3 100644
--- a/kernel-aarch64-debug-fedora.config
+++ b/kernel-aarch64-debug-fedora.config
@@ -3553,8 +3553,8 @@ CONFIG_LOOPBACK_TARGET=m
CONFIG_LP_CONSOLE=y
# CONFIG_LPC_SCH is not set
CONFIG_LSI_ET1011C_PHY=m
-CONFIG_LSM_MMAP_MIN_ADDR=65536
-CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"
+CONFIG_LSM="lockdown,yama,integrity,selinux,bpf"
+CONFIG_LSM_MMAP_MIN_ADDR=65535
CONFIG_LTC1660=m
# CONFIG_LTC2471 is not set
# CONFIG_LTC2485 is not set
diff --git a/kernel-aarch64-debug-rhel.config b/kernel-aarch64-debug-rhel.config
index e544d94f3..10606785a 100644
--- a/kernel-aarch64-debug-rhel.config
+++ b/kernel-aarch64-debug-rhel.config
@@ -533,7 +533,7 @@ CONFIG_BPF_EVENTS=y
CONFIG_BPF_JIT_ALWAYS_ON=y
CONFIG_BPF_JIT=y
# CONFIG_BPF_KPROBE_OVERRIDE is not set
-# CONFIG_BPF_LSM is not set
+CONFIG_BPF_LSM=y
# CONFIG_BPF_PRELOAD is not set
CONFIG_BPF_STREAM_PARSER=y
CONFIG_BPF_SYSCALL=y
@@ -1010,14 +1010,12 @@ CONFIG_CRYPTO_MANAGER=y
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_MICHAEL_MIC=m
-CONFIG_CRYPTO_NHPOLY1305_AVX2=m
CONFIG_CRYPTO_NHPOLY1305_NEON=m
-CONFIG_CRYPTO_NHPOLY1305_SSE2=m
CONFIG_CRYPTO_OFB=m
CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_PCRYPT=m
CONFIG_CRYPTO_POLY1305=m
-# CONFIG_CRYPTO_POLY1305_NEON is not set
+CONFIG_CRYPTO_POLY1305_NEON=m
CONFIG_CRYPTO_RMD128=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_RMD256=m
@@ -2821,6 +2819,10 @@ CONFIG_LLC=m
CONFIG_LOCALVERSION=""
# CONFIG_LOCALVERSION_AUTO is not set
CONFIG_LOCKD=m
+# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set
+# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
+# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
+CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
CONFIG_LOCKD_V4=y
CONFIG_LOCK_EVENT_COUNTS=y
# CONFIG_LOCK_STAT is not set
@@ -2841,8 +2843,8 @@ CONFIG_LOOPBACK_TARGET=m
# CONFIG_LP_CONSOLE is not set
# CONFIG_LPC_SCH is not set
CONFIG_LSI_ET1011C_PHY=m
+CONFIG_LSM="lockdown,yama,integrity,selinux,bpf"
CONFIG_LSM_MMAP_MIN_ADDR=65535
-CONFIG_LSM="yama,integrity,selinux"
# CONFIG_LTC1660 is not set
# CONFIG_LTC2471 is not set
# CONFIG_LTC2485 is not set
@@ -4746,13 +4748,13 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_INFINIBAND=y
# CONFIG_SECURITY_LOADPIN is not set
-# CONFIG_SECURITY_LOCKDOWN_LSM is not set
+CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
+CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_PATH is not set
# CONFIG_SECURITY_SAFESETID is not set
CONFIG_SECURITY_SELINUX_AVC_STATS=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
CONFIG_SECURITY_SELINUX_DEVELOP=y
diff --git a/kernel-aarch64-fedora.config b/kernel-aarch64-fedora.config
index 86ad13ece..1fa002620 100644
--- a/kernel-aarch64-fedora.config
+++ b/kernel-aarch64-fedora.config
@@ -3531,8 +3531,8 @@ CONFIG_LOOPBACK_TARGET=m
CONFIG_LP_CONSOLE=y
# CONFIG_LPC_SCH is not set
CONFIG_LSI_ET1011C_PHY=m
-CONFIG_LSM_MMAP_MIN_ADDR=65536
-CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"
+CONFIG_LSM="lockdown,yama,integrity,selinux,bpf"
+CONFIG_LSM_MMAP_MIN_ADDR=65535
CONFIG_LTC1660=m
# CONFIG_LTC2471 is not set
# CONFIG_LTC2485 is not set
diff --git a/kernel-aarch64-rhel.config b/kernel-aarch64-rhel.config
index 875be5731..1ea1e5ad6 100644
--- a/kernel-aarch64-rhel.config
+++ b/kernel-aarch64-rhel.config
@@ -533,7 +533,7 @@ CONFIG_BPF_EVENTS=y
CONFIG_BPF_JIT_ALWAYS_ON=y
CONFIG_BPF_JIT=y
# CONFIG_BPF_KPROBE_OVERRIDE is not set
-# CONFIG_BPF_LSM is not set
+CONFIG_BPF_LSM=y
# CONFIG_BPF_PRELOAD is not set
CONFIG_BPF_STREAM_PARSER=y
CONFIG_BPF_SYSCALL=y
@@ -1010,14 +1010,12 @@ CONFIG_CRYPTO_MANAGER=y
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_MICHAEL_MIC=m
-CONFIG_CRYPTO_NHPOLY1305_AVX2=m
CONFIG_CRYPTO_NHPOLY1305_NEON=m
-CONFIG_CRYPTO_NHPOLY1305_SSE2=m
CONFIG_CRYPTO_OFB=m
CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_PCRYPT=m
CONFIG_CRYPTO_POLY1305=m
-# CONFIG_CRYPTO_POLY1305_NEON is not set
+CONFIG_CRYPTO_POLY1305_NEON=m
CONFIG_CRYPTO_RMD128=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_RMD256=m
@@ -2801,6 +2799,10 @@ CONFIG_LLC=m
CONFIG_LOCALVERSION=""
# CONFIG_LOCALVERSION_AUTO is not set
CONFIG_LOCKD=m
+# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set
+# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
+# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
+CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
CONFIG_LOCKD_V4=y
# CONFIG_LOCK_EVENT_COUNTS is not set
# CONFIG_LOCK_STAT is not set
@@ -2821,8 +2823,8 @@ CONFIG_LOOPBACK_TARGET=m
# CONFIG_LP_CONSOLE is not set
# CONFIG_LPC_SCH is not set
CONFIG_LSI_ET1011C_PHY=m
+CONFIG_LSM="lockdown,yama,integrity,selinux,bpf"
CONFIG_LSM_MMAP_MIN_ADDR=65535
-CONFIG_LSM="yama,integrity,selinux"
# CONFIG_LTC1660 is not set
# CONFIG_LTC2471 is not set
# CONFIG_LTC2485 is not set
@@ -4725,13 +4727,13 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_INFINIBAND=y
# CONFIG_SECURITY_LOADPIN is not set
-# CONFIG_SECURITY_LOCKDOWN_LSM is not set
+CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
+CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_PATH is not set
# CONFIG_SECURITY_SAFESETID is not set
CONFIG_SECURITY_SELINUX_AVC_STATS=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
CONFIG_SECURITY_SELINUX_DEVELOP=y
diff --git a/kernel-armv7hl-debug-fedora.config b/kernel-armv7hl-debug-fedora.config
index 14de6e846..0f487ced7 100644
--- a/kernel-armv7hl-debug-fedora.config
+++ b/kernel-armv7hl-debug-fedora.config
@@ -1385,7 +1385,6 @@ CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_PCRYPT=m
CONFIG_CRYPTO_POLY1305_ARM=m
CONFIG_CRYPTO_POLY1305=m
-# CONFIG_CRYPTO_POLY1305_NEON is not set
CONFIG_CRYPTO_RMD128=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_RMD256=m
@@ -3599,8 +3598,8 @@ CONFIG_LOOPBACK_TARGET=m
CONFIG_LP_CONSOLE=y
# CONFIG_LPC_SCH is not set
CONFIG_LSI_ET1011C_PHY=m
+CONFIG_LSM="lockdown,yama,integrity,selinux,bpf"
CONFIG_LSM_MMAP_MIN_ADDR=32768
-CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"
CONFIG_LTC1660=m
# CONFIG_LTC2471 is not set
# CONFIG_LTC2485 is not set
diff --git a/kernel-armv7hl-fedora.config b/kernel-armv7hl-fedora.config
index 5c897e759..dd8805e45 100644
--- a/kernel-armv7hl-fedora.config
+++ b/kernel-armv7hl-fedora.config
@@ -1385,7 +1385,6 @@ CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_PCRYPT=m
CONFIG_CRYPTO_POLY1305_ARM=m
CONFIG_CRYPTO_POLY1305=m
-# CONFIG_CRYPTO_POLY1305_NEON is not set
CONFIG_CRYPTO_RMD128=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_RMD256=m
@@ -3578,8 +3577,8 @@ CONFIG_LOOPBACK_TARGET=m
CONFIG_LP_CONSOLE=y
# CONFIG_LPC_SCH is not set
CONFIG_LSI_ET1011C_PHY=m
+CONFIG_LSM="lockdown,yama,integrity,selinux,bpf"
CONFIG_LSM_MMAP_MIN_ADDR=32768
-CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"
CONFIG_LTC1660=m
# CONFIG_LTC2471 is not set
# CONFIG_LTC2485 is not set
diff --git a/kernel-armv7hl-lpae-debug-fedora.config b/kernel-armv7hl-lpae-debug-fedora.config
index 892b17292..a44e01b1b 100644
--- a/kernel-armv7hl-lpae-debug-fedora.config
+++ b/kernel-armv7hl-lpae-debug-fedora.config
@@ -1355,7 +1355,6 @@ CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_PCRYPT=m
CONFIG_CRYPTO_POLY1305_ARM=m
CONFIG_CRYPTO_POLY1305=m
-# CONFIG_CRYPTO_POLY1305_NEON is not set
CONFIG_CRYPTO_RMD128=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_RMD256=m
@@ -3525,8 +3524,8 @@ CONFIG_LOOPBACK_TARGET=m
CONFIG_LP_CONSOLE=y
# CONFIG_LPC_SCH is not set
CONFIG_LSI_ET1011C_PHY=m
+CONFIG_LSM="lockdown,yama,integrity,selinux,bpf"
CONFIG_LSM_MMAP_MIN_ADDR=32768
-CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"
CONFIG_LTC1660=m
# CONFIG_LTC2471 is not set
# CONFIG_LTC2485 is not set
diff --git a/kernel-armv7hl-lpae-fedora.config b/kernel-armv7hl-lpae-fedora.config
index 67f146985..563b49088 100644
--- a/kernel-armv7hl-lpae-fedora.config
+++ b/kernel-armv7hl-lpae-fedora.config
@@ -1355,7 +1355,6 @@ CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_PCRYPT=m
CONFIG_CRYPTO_POLY1305_ARM=m
CONFIG_CRYPTO_POLY1305=m
-# CONFIG_CRYPTO_POLY1305_NEON is not set
CONFIG_CRYPTO_RMD128=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_RMD256=m
@@ -3504,8 +3503,8 @@ CONFIG_LOOPBACK_TARGET=m
CONFIG_LP_CONSOLE=y
# CONFIG_LPC_SCH is not set
CONFIG_LSI_ET1011C_PHY=m
+CONFIG_LSM="lockdown,yama,integrity,selinux,bpf"
CONFIG_LSM_MMAP_MIN_ADDR=32768
-CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"
CONFIG_LTC1660=m
# CONFIG_LTC2471 is not set
# CONFIG_LTC2485 is not set
diff --git a/kernel-i686-debug-fedora.config b/kernel-i686-debug-fedora.config
index d7fdfb76a..b5690eda9 100644
--- a/kernel-i686-debug-fedora.config
+++ b/kernel-i686-debug-fedora.config
@@ -1093,14 +1093,11 @@ CONFIG_CRYPTO_MANAGER=y
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_MICHAEL_MIC=m
-CONFIG_CRYPTO_NHPOLY1305_AVX2=m
-CONFIG_CRYPTO_NHPOLY1305_SSE2=m
CONFIG_CRYPTO_NULL=y
CONFIG_CRYPTO_OFB=m
CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_PCRYPT=m
CONFIG_CRYPTO_POLY1305=m
-# CONFIG_CRYPTO_POLY1305_NEON is not set
CONFIG_CRYPTO_RMD128=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_RMD256=m
@@ -3227,8 +3224,8 @@ CONFIG_LPC_ICH=m
CONFIG_LP_CONSOLE=y
CONFIG_LPC_SCH=m
CONFIG_LSI_ET1011C_PHY=m
-CONFIG_LSM_MMAP_MIN_ADDR=65536
-CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"
+CONFIG_LSM="lockdown,yama,integrity,selinux,bpf"
+CONFIG_LSM_MMAP_MIN_ADDR=65535
CONFIG_LTC1660=m
# CONFIG_LTC2471 is not set
# CONFIG_LTC2485 is not set
diff --git a/kernel-i686-fedora.config b/kernel-i686-fedora.config
index accadeb33..e90799a79 100644
--- a/kernel-i686-fedora.config
+++ b/kernel-i686-fedora.config
@@ -1092,14 +1092,11 @@ CONFIG_CRYPTO_MANAGER=y
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_MICHAEL_MIC=m
-CONFIG_CRYPTO_NHPOLY1305_AVX2=m
-CONFIG_CRYPTO_NHPOLY1305_SSE2=m
CONFIG_CRYPTO_NULL=y
CONFIG_CRYPTO_OFB=m
CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_PCRYPT=m
CONFIG_CRYPTO_POLY1305=m
-# CONFIG_CRYPTO_POLY1305_NEON is not set
CONFIG_CRYPTO_RMD128=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_RMD256=m
@@ -3205,8 +3202,8 @@ CONFIG_LPC_ICH=m
CONFIG_LP_CONSOLE=y
CONFIG_LPC_SCH=m
CONFIG_LSI_ET1011C_PHY=m
-CONFIG_LSM_MMAP_MIN_ADDR=65536
-CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"
+CONFIG_LSM="lockdown,yama,integrity,selinux,bpf"
+CONFIG_LSM_MMAP_MIN_ADDR=65535
CONFIG_LTC1660=m
# CONFIG_LTC2471 is not set
# CONFIG_LTC2485 is not set
diff --git a/kernel-ppc64le-debug-fedora.config b/kernel-ppc64le-debug-fedora.config
index 45042c0bb..668c04c34 100644
--- a/kernel-ppc64le-debug-fedora.config
+++ b/kernel-ppc64le-debug-fedora.config
@@ -1038,7 +1038,6 @@ CONFIG_CRYPTO_OFB=m
CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_PCRYPT=m
CONFIG_CRYPTO_POLY1305=m
-# CONFIG_CRYPTO_POLY1305_NEON is not set
CONFIG_CRYPTO_RMD128=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_RMD256=m
@@ -2984,8 +2983,8 @@ CONFIG_LPARCFG=y
CONFIG_LP_CONSOLE=y
# CONFIG_LPC_SCH is not set
CONFIG_LSI_ET1011C_PHY=m
-CONFIG_LSM_MMAP_MIN_ADDR=65536
-CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"
+CONFIG_LSM="lockdown,yama,integrity,selinux,bpf"
+CONFIG_LSM_MMAP_MIN_ADDR=65535
CONFIG_LTC1660=m
# CONFIG_LTC2471 is not set
# CONFIG_LTC2485 is not set
diff --git a/kernel-ppc64le-debug-rhel.config b/kernel-ppc64le-debug-rhel.config
index 2743dc425..078ec0ad4 100644
--- a/kernel-ppc64le-debug-rhel.config
+++ b/kernel-ppc64le-debug-rhel.config
@@ -424,7 +424,7 @@ CONFIG_BPF_EVENTS=y
CONFIG_BPF_JIT_ALWAYS_ON=y
CONFIG_BPF_JIT=y
# CONFIG_BPF_KPROBE_OVERRIDE is not set
-# CONFIG_BPF_LSM is not set
+CONFIG_BPF_LSM=y
# CONFIG_BPF_PRELOAD is not set
CONFIG_BPF_STREAM_PARSER=y
CONFIG_BPF_SYSCALL=y
@@ -795,8 +795,7 @@ CONFIG_CRYPTO_CBC=y
CONFIG_CRYPTO_CCM=m
# CONFIG_CRYPTO_CFB is not set
CONFIG_CRYPTO_CHACHA20=m
-CONFIG_CRYPTO_CHACHA20_NEON=m
-# CONFIG_CRYPTO_CHACHA20POLY1305 is not set
+CONFIG_CRYPTO_CHACHA20POLY1305=m
CONFIG_CRYPTO_CMAC=m
# CONFIG_CRYPTO_CRC32C_VPMSUM is not set
CONFIG_CRYPTO_CRC32C=y
@@ -871,14 +870,10 @@ CONFIG_CRYPTO_MD4=m
# CONFIG_CRYPTO_MD5_PPC is not set
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_MICHAEL_MIC=m
-CONFIG_CRYPTO_NHPOLY1305_AVX2=m
-CONFIG_CRYPTO_NHPOLY1305_NEON=m
-CONFIG_CRYPTO_NHPOLY1305_SSE2=m
CONFIG_CRYPTO_OFB=m
CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_PCRYPT=m
CONFIG_CRYPTO_POLY1305=m
-# CONFIG_CRYPTO_POLY1305_NEON is not set
CONFIG_CRYPTO_RMD128=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_RMD256=m
@@ -2679,6 +2674,10 @@ CONFIG_LLC=m
CONFIG_LOCALVERSION=""
# CONFIG_LOCALVERSION_AUTO is not set
CONFIG_LOCKD=m
+# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set
+# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
+# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
+CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
CONFIG_LOCKD_V4=y
CONFIG_LOCK_EVENT_COUNTS=y
CONFIG_LOCK_STAT=y
@@ -2700,8 +2699,8 @@ CONFIG_LPARCFG=y
# CONFIG_LP_CONSOLE is not set
# CONFIG_LPC_SCH is not set
CONFIG_LSI_ET1011C_PHY=m
+CONFIG_LSM="lockdown,yama,integrity,selinux,bpf"
CONFIG_LSM_MMAP_MIN_ADDR=65535
-CONFIG_LSM="yama,integrity,selinux"
# CONFIG_LTC1660 is not set
# CONFIG_LTC2471 is not set
# CONFIG_LTC2485 is not set
@@ -4573,13 +4572,13 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_INFINIBAND=y
# CONFIG_SECURITY_LOADPIN is not set
-# CONFIG_SECURITY_LOCKDOWN_LSM is not set
+CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
+CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_PATH is not set
# CONFIG_SECURITY_SAFESETID is not set
CONFIG_SECURITY_SELINUX_AVC_STATS=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
CONFIG_SECURITY_SELINUX_DEVELOP=y
diff --git a/kernel-ppc64le-fedora.config b/kernel-ppc64le-fedora.config
index ce13755e9..0ea578320 100644
--- a/kernel-ppc64le-fedora.config
+++ b/kernel-ppc64le-fedora.config
@@ -1037,7 +1037,6 @@ CONFIG_CRYPTO_OFB=m
CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_PCRYPT=m
CONFIG_CRYPTO_POLY1305=m
-# CONFIG_CRYPTO_POLY1305_NEON is not set
CONFIG_CRYPTO_RMD128=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_RMD256=m
@@ -2962,8 +2961,8 @@ CONFIG_LPARCFG=y
CONFIG_LP_CONSOLE=y
# CONFIG_LPC_SCH is not set
CONFIG_LSI_ET1011C_PHY=m
-CONFIG_LSM_MMAP_MIN_ADDR=65536
-CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"
+CONFIG_LSM="lockdown,yama,integrity,selinux,bpf"
+CONFIG_LSM_MMAP_MIN_ADDR=65535
CONFIG_LTC1660=m
# CONFIG_LTC2471 is not set
# CONFIG_LTC2485 is not set
diff --git a/kernel-ppc64le-rhel.config b/kernel-ppc64le-rhel.config
index 989d129ac..1499e2042 100644
--- a/kernel-ppc64le-rhel.config
+++ b/kernel-ppc64le-rhel.config
@@ -424,7 +424,7 @@ CONFIG_BPF_EVENTS=y
CONFIG_BPF_JIT_ALWAYS_ON=y
CONFIG_BPF_JIT=y
# CONFIG_BPF_KPROBE_OVERRIDE is not set
-# CONFIG_BPF_LSM is not set
+CONFIG_BPF_LSM=y
# CONFIG_BPF_PRELOAD is not set
CONFIG_BPF_STREAM_PARSER=y
CONFIG_BPF_SYSCALL=y
@@ -795,8 +795,7 @@ CONFIG_CRYPTO_CBC=y
CONFIG_CRYPTO_CCM=m
# CONFIG_CRYPTO_CFB is not set
CONFIG_CRYPTO_CHACHA20=m
-CONFIG_CRYPTO_CHACHA20_NEON=m
-# CONFIG_CRYPTO_CHACHA20POLY1305 is not set
+CONFIG_CRYPTO_CHACHA20POLY1305=m
CONFIG_CRYPTO_CMAC=m
# CONFIG_CRYPTO_CRC32C_VPMSUM is not set
CONFIG_CRYPTO_CRC32C=y
@@ -871,14 +870,10 @@ CONFIG_CRYPTO_MD4=m
# CONFIG_CRYPTO_MD5_PPC is not set
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_MICHAEL_MIC=m
-CONFIG_CRYPTO_NHPOLY1305_AVX2=m
-CONFIG_CRYPTO_NHPOLY1305_NEON=m
-CONFIG_CRYPTO_NHPOLY1305_SSE2=m
CONFIG_CRYPTO_OFB=m
CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_PCRYPT=m
CONFIG_CRYPTO_POLY1305=m
-# CONFIG_CRYPTO_POLY1305_NEON is not set
CONFIG_CRYPTO_RMD128=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_RMD256=m
@@ -2662,6 +2657,10 @@ CONFIG_LLC=m
CONFIG_LOCALVERSION=""
# CONFIG_LOCALVERSION_AUTO is not set
CONFIG_LOCKD=m
+# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set
+# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
+# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
+CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
CONFIG_LOCKD_V4=y
# CONFIG_LOCK_EVENT_COUNTS is not set
# CONFIG_LOCK_STAT is not set
@@ -2683,8 +2682,8 @@ CONFIG_LPARCFG=y
# CONFIG_LP_CONSOLE is not set
# CONFIG_LPC_SCH is not set
CONFIG_LSI_ET1011C_PHY=m
+CONFIG_LSM="lockdown,yama,integrity,selinux,bpf"
CONFIG_LSM_MMAP_MIN_ADDR=65535
-CONFIG_LSM="yama,integrity,selinux"
# CONFIG_LTC1660 is not set
# CONFIG_LTC2471 is not set
# CONFIG_LTC2485 is not set
@@ -4556,13 +4555,13 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_INFINIBAND=y
# CONFIG_SECURITY_LOADPIN is not set
-# CONFIG_SECURITY_LOCKDOWN_LSM is not set
+CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
+CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_PATH is not set
# CONFIG_SECURITY_SAFESETID is not set
CONFIG_SECURITY_SELINUX_AVC_STATS=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
CONFIG_SECURITY_SELINUX_DEVELOP=y
diff --git a/kernel-s390x-debug-fedora.config b/kernel-s390x-debug-fedora.config
index 427a3ab72..6c7e257ce 100644
--- a/kernel-s390x-debug-fedora.config
+++ b/kernel-s390x-debug-fedora.config
@@ -1040,7 +1040,6 @@ CONFIG_CRYPTO_PAES_S390=m
CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_PCRYPT=m
CONFIG_CRYPTO_POLY1305=m
-# CONFIG_CRYPTO_POLY1305_NEON is not set
CONFIG_CRYPTO_RMD128=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_RMD256=m
@@ -2957,8 +2956,8 @@ CONFIG_LOOPBACK_TARGET=m
CONFIG_LP_CONSOLE=y
# CONFIG_LPC_SCH is not set
CONFIG_LSI_ET1011C_PHY=m
-CONFIG_LSM_MMAP_MIN_ADDR=65536
-CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"
+CONFIG_LSM="lockdown,yama,integrity,selinux,bpf"
+CONFIG_LSM_MMAP_MIN_ADDR=65535
CONFIG_LTC1660=m
# CONFIG_LTC2471 is not set
# CONFIG_LTC2485 is not set
diff --git a/kernel-s390x-debug-rhel.config b/kernel-s390x-debug-rhel.config
index 44108c554..3decc0d75 100644
--- a/kernel-s390x-debug-rhel.config
+++ b/kernel-s390x-debug-rhel.config
@@ -424,7 +424,7 @@ CONFIG_BPF_EVENTS=y
CONFIG_BPF_JIT_ALWAYS_ON=y
CONFIG_BPF_JIT=y
# CONFIG_BPF_KPROBE_OVERRIDE is not set
-# CONFIG_BPF_LSM is not set
+CONFIG_BPF_LSM=y
# CONFIG_BPF_PRELOAD is not set
CONFIG_BPF_STREAM_PARSER=y
CONFIG_BPF_SYSCALL=y
@@ -796,7 +796,6 @@ CONFIG_CRYPTO_CBC=y
CONFIG_CRYPTO_CCM=m
# CONFIG_CRYPTO_CFB is not set
CONFIG_CRYPTO_CHACHA20=m
-CONFIG_CRYPTO_CHACHA20_NEON=m
CONFIG_CRYPTO_CHACHA20POLY1305=m
CONFIG_CRYPTO_CMAC=m
# CONFIG_CRYPTO_CRC32C_VPMSUM is not set
@@ -868,15 +867,11 @@ CONFIG_CRYPTO_MANAGER=y
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_MICHAEL_MIC=m
-CONFIG_CRYPTO_NHPOLY1305_AVX2=m
-CONFIG_CRYPTO_NHPOLY1305_NEON=m
-CONFIG_CRYPTO_NHPOLY1305_SSE2=m
CONFIG_CRYPTO_OFB=m
CONFIG_CRYPTO_PAES_S390=m
CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_PCRYPT=m
CONFIG_CRYPTO_POLY1305=m
-# CONFIG_CRYPTO_POLY1305_NEON is not set
CONFIG_CRYPTO_RMD128=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_RMD256=m
@@ -2650,6 +2645,10 @@ CONFIG_LLC=m
CONFIG_LOCALVERSION=""
# CONFIG_LOCALVERSION_AUTO is not set
CONFIG_LOCKD=m
+# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set
+# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
+# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
+CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
CONFIG_LOCKD_V4=y
CONFIG_LOCK_EVENT_COUNTS=y
CONFIG_LOCK_STAT=y
@@ -2670,8 +2669,8 @@ CONFIG_LOOPBACK_TARGET=m
# CONFIG_LP_CONSOLE is not set
# CONFIG_LPC_SCH is not set
# CONFIG_LSI_ET1011C_PHY is not set
+CONFIG_LSM="lockdown,yama,integrity,selinux,bpf"
CONFIG_LSM_MMAP_MIN_ADDR=65535
-CONFIG_LSM="yama,integrity,selinux"
# CONFIG_LTC1660 is not set
# CONFIG_LTC2471 is not set
# CONFIG_LTC2485 is not set
@@ -4521,13 +4520,13 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_INFINIBAND=y
# CONFIG_SECURITY_LOADPIN is not set
-# CONFIG_SECURITY_LOCKDOWN_LSM is not set
+CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
+CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_PATH is not set
# CONFIG_SECURITY_SAFESETID is not set
CONFIG_SECURITY_SELINUX_AVC_STATS=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
CONFIG_SECURITY_SELINUX_DEVELOP=y
diff --git a/kernel-s390x-fedora.config b/kernel-s390x-fedora.config
index 2151fa4bf..3986da7b5 100644
--- a/kernel-s390x-fedora.config
+++ b/kernel-s390x-fedora.config
@@ -1039,7 +1039,6 @@ CONFIG_CRYPTO_PAES_S390=m
CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_PCRYPT=m
CONFIG_CRYPTO_POLY1305=m
-# CONFIG_CRYPTO_POLY1305_NEON is not set
CONFIG_CRYPTO_RMD128=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_RMD256=m
@@ -2935,8 +2934,8 @@ CONFIG_LOOPBACK_TARGET=m
CONFIG_LP_CONSOLE=y
# CONFIG_LPC_SCH is not set
CONFIG_LSI_ET1011C_PHY=m
-CONFIG_LSM_MMAP_MIN_ADDR=65536
-CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"
+CONFIG_LSM="lockdown,yama,integrity,selinux,bpf"
+CONFIG_LSM_MMAP_MIN_ADDR=65535
CONFIG_LTC1660=m
# CONFIG_LTC2471 is not set
# CONFIG_LTC2485 is not set
diff --git a/kernel-s390x-rhel.config b/kernel-s390x-rhel.config
index 46046561a..dd3da9a99 100644
--- a/kernel-s390x-rhel.config
+++ b/kernel-s390x-rhel.config
@@ -424,7 +424,7 @@ CONFIG_BPF_EVENTS=y
CONFIG_BPF_JIT_ALWAYS_ON=y
CONFIG_BPF_JIT=y
# CONFIG_BPF_KPROBE_OVERRIDE is not set
-# CONFIG_BPF_LSM is not set
+CONFIG_BPF_LSM=y
# CONFIG_BPF_PRELOAD is not set
CONFIG_BPF_STREAM_PARSER=y
CONFIG_BPF_SYSCALL=y
@@ -796,7 +796,6 @@ CONFIG_CRYPTO_CBC=y
CONFIG_CRYPTO_CCM=m
# CONFIG_CRYPTO_CFB is not set
CONFIG_CRYPTO_CHACHA20=m
-CONFIG_CRYPTO_CHACHA20_NEON=m
CONFIG_CRYPTO_CHACHA20POLY1305=m
CONFIG_CRYPTO_CMAC=m
# CONFIG_CRYPTO_CRC32C_VPMSUM is not set
@@ -868,15 +867,11 @@ CONFIG_CRYPTO_MANAGER=y
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_MICHAEL_MIC=m
-CONFIG_CRYPTO_NHPOLY1305_AVX2=m
-CONFIG_CRYPTO_NHPOLY1305_NEON=m
-CONFIG_CRYPTO_NHPOLY1305_SSE2=m
CONFIG_CRYPTO_OFB=m
CONFIG_CRYPTO_PAES_S390=m
CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_PCRYPT=m
CONFIG_CRYPTO_POLY1305=m
-# CONFIG_CRYPTO_POLY1305_NEON is not set
CONFIG_CRYPTO_RMD128=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_RMD256=m
@@ -2633,6 +2628,10 @@ CONFIG_LLC=m
CONFIG_LOCALVERSION=""
# CONFIG_LOCALVERSION_AUTO is not set
CONFIG_LOCKD=m
+# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set
+# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
+# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
+CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
CONFIG_LOCKD_V4=y
# CONFIG_LOCK_EVENT_COUNTS is not set
# CONFIG_LOCK_STAT is not set
@@ -2653,8 +2652,8 @@ CONFIG_LOOPBACK_TARGET=m
# CONFIG_LP_CONSOLE is not set
# CONFIG_LPC_SCH is not set
# CONFIG_LSI_ET1011C_PHY is not set
+CONFIG_LSM="lockdown,yama,integrity,selinux,bpf"
CONFIG_LSM_MMAP_MIN_ADDR=65535
-CONFIG_LSM="yama,integrity,selinux"
# CONFIG_LTC1660 is not set
# CONFIG_LTC2471 is not set
# CONFIG_LTC2485 is not set
@@ -4504,13 +4503,13 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_INFINIBAND=y
# CONFIG_SECURITY_LOADPIN is not set
-# CONFIG_SECURITY_LOCKDOWN_LSM is not set
+CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
+CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_PATH is not set
# CONFIG_SECURITY_SAFESETID is not set
CONFIG_SECURITY_SELINUX_AVC_STATS=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
CONFIG_SECURITY_SELINUX_DEVELOP=y
diff --git a/kernel-s390x-zfcpdump-rhel.config b/kernel-s390x-zfcpdump-rhel.config
index 2053638e9..873c899a6 100644
--- a/kernel-s390x-zfcpdump-rhel.config
+++ b/kernel-s390x-zfcpdump-rhel.config
@@ -428,7 +428,7 @@ CONFIG_BPF_EVENTS=y
CONFIG_BPF_JIT_ALWAYS_ON=y
CONFIG_BPF_JIT=y
# CONFIG_BPF_KPROBE_OVERRIDE is not set
-# CONFIG_BPF_LSM is not set
+CONFIG_BPF_LSM=y
# CONFIG_BPF_PRELOAD is not set
CONFIG_BPF_STREAM_PARSER=y
# CONFIG_BPF_SYSCALL is not set
@@ -800,7 +800,6 @@ CONFIG_CRYPTO_CAST6=y
CONFIG_CRYPTO_CBC=y
# CONFIG_CRYPTO_CCM is not set
# CONFIG_CRYPTO_CFB is not set
-CONFIG_CRYPTO_CHACHA20_NEON=m
CONFIG_CRYPTO_CHACHA20POLY1305=y
CONFIG_CRYPTO_CHACHA20=y
CONFIG_CRYPTO_CMAC=y
@@ -873,14 +872,10 @@ CONFIG_CRYPTO_MANAGER=y
CONFIG_CRYPTO_MD4=y
# CONFIG_CRYPTO_MD5 is not set
CONFIG_CRYPTO_MICHAEL_MIC=y
-CONFIG_CRYPTO_NHPOLY1305_AVX2=m
-CONFIG_CRYPTO_NHPOLY1305_NEON=m
-CONFIG_CRYPTO_NHPOLY1305_SSE2=m
CONFIG_CRYPTO_OFB=y
CONFIG_CRYPTO_PAES_S390=m
CONFIG_CRYPTO_PCBC=y
CONFIG_CRYPTO_PCRYPT=y
-# CONFIG_CRYPTO_POLY1305_NEON is not set
CONFIG_CRYPTO_POLY1305=y
CONFIG_CRYPTO_RMD128=y
CONFIG_CRYPTO_RMD160=y
@@ -2653,6 +2648,10 @@ CONFIG_LOCALVERSION=""
CONFIG_LOCALVERSION_AUTO=y
# CONFIG_LOCKDEP is not set
CONFIG_LOCKD=m
+# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set
+# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
+# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
+CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
CONFIG_LOCKD_V4=y
# CONFIG_LOCK_EVENT_COUNTS is not set
# CONFIG_LOCK_STAT is not set
@@ -2673,8 +2672,8 @@ CONFIG_LOOPBACK_TARGET=y
# CONFIG_LP_CONSOLE is not set
# CONFIG_LPC_SCH is not set
# CONFIG_LSI_ET1011C_PHY is not set
+CONFIG_LSM="lockdown,yama,integrity,selinux,bpf"
CONFIG_LSM_MMAP_MIN_ADDR=65535
-CONFIG_LSM="yama,integrity,selinux"
# CONFIG_LTC1660 is not set
# CONFIG_LTC2471 is not set
# CONFIG_LTC2485 is not set
@@ -4533,13 +4532,13 @@ CONFIG_SECURITYFS=y
CONFIG_SECURITY_INFINIBAND=y
# CONFIG_SECURITY is not set
# CONFIG_SECURITY_LOADPIN is not set
-# CONFIG_SECURITY_LOCKDOWN_LSM is not set
+CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
+CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_PATH is not set
# CONFIG_SECURITY_SAFESETID is not set
CONFIG_SECURITY_SELINUX_AVC_STATS=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
CONFIG_SECURITY_SELINUX_DEVELOP=y
diff --git a/kernel-x86_64-debug-fedora.config b/kernel-x86_64-debug-fedora.config
index 51203e963..5d5d98c92 100644
--- a/kernel-x86_64-debug-fedora.config
+++ b/kernel-x86_64-debug-fedora.config
@@ -1127,7 +1127,6 @@ CONFIG_CRYPTO_OFB=m
CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_PCRYPT=m
CONFIG_CRYPTO_POLY1305=m
-# CONFIG_CRYPTO_POLY1305_NEON is not set
CONFIG_CRYPTO_POLY1305_X86_64=m
CONFIG_CRYPTO_RMD128=m
CONFIG_CRYPTO_RMD160=m
@@ -3277,8 +3276,8 @@ CONFIG_LPC_ICH=m
CONFIG_LP_CONSOLE=y
CONFIG_LPC_SCH=m
CONFIG_LSI_ET1011C_PHY=m
-CONFIG_LSM_MMAP_MIN_ADDR=65536
-CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"
+CONFIG_LSM="lockdown,yama,integrity,selinux,bpf"
+CONFIG_LSM_MMAP_MIN_ADDR=65535
CONFIG_LTC1660=m
# CONFIG_LTC2471 is not set
# CONFIG_LTC2485 is not set
diff --git a/kernel-x86_64-debug-rhel.config b/kernel-x86_64-debug-rhel.config
index 46428270e..002772c5d 100644
--- a/kernel-x86_64-debug-rhel.config
+++ b/kernel-x86_64-debug-rhel.config
@@ -451,7 +451,7 @@ CONFIG_BPF_EVENTS=y
CONFIG_BPF_JIT_ALWAYS_ON=y
CONFIG_BPF_JIT=y
# CONFIG_BPF_KPROBE_OVERRIDE is not set
-# CONFIG_BPF_LSM is not set
+CONFIG_BPF_LSM=y
# CONFIG_BPF_PRELOAD is not set
CONFIG_BPF_STREAM_PARSER=y
CONFIG_BPF_SYSCALL=y
@@ -828,7 +828,6 @@ CONFIG_CRYPTO_CBC=y
CONFIG_CRYPTO_CCM=m
# CONFIG_CRYPTO_CFB is not set
CONFIG_CRYPTO_CHACHA20=m
-CONFIG_CRYPTO_CHACHA20_NEON=m
CONFIG_CRYPTO_CHACHA20POLY1305=m
CONFIG_CRYPTO_CHACHA20_X86_64=m
CONFIG_CRYPTO_CMAC=m
@@ -916,13 +915,11 @@ CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_MICHAEL_MIC=m
CONFIG_CRYPTO_NHPOLY1305_AVX2=m
-CONFIG_CRYPTO_NHPOLY1305_NEON=m
CONFIG_CRYPTO_NHPOLY1305_SSE2=m
CONFIG_CRYPTO_OFB=m
CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_PCRYPT=m
CONFIG_CRYPTO_POLY1305=m
-# CONFIG_CRYPTO_POLY1305_NEON is not set
CONFIG_CRYPTO_POLY1305_X86_64=m
CONFIG_CRYPTO_RMD128=m
CONFIG_CRYPTO_RMD160=m
@@ -2844,6 +2841,9 @@ CONFIG_LOCALVERSION=""
# CONFIG_LOCALVERSION_AUTO is not set
CONFIG_LOCKD=m
CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y
+# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
+# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
+CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
CONFIG_LOCKD_V4=y
CONFIG_LOCK_EVENT_COUNTS=y
CONFIG_LOCK_STAT=y
@@ -2864,8 +2864,8 @@ CONFIG_LPC_ICH=m
# CONFIG_LP_CONSOLE is not set
CONFIG_LPC_SCH=m
CONFIG_LSI_ET1011C_PHY=m
+CONFIG_LSM="lockdown,yama,integrity,selinux,bpf"
CONFIG_LSM_MMAP_MIN_ADDR=65535
-CONFIG_LSM="yama,integrity,selinux"
# CONFIG_LTC1660 is not set
# CONFIG_LTC2471 is not set
# CONFIG_LTC2485 is not set
@@ -4726,13 +4726,13 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_INFINIBAND=y
# CONFIG_SECURITY_LOADPIN is not set
-# CONFIG_SECURITY_LOCKDOWN_LSM is not set
+CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
+CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_PATH is not set
# CONFIG_SECURITY_SAFESETID is not set
CONFIG_SECURITY_SELINUX_AVC_STATS=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
CONFIG_SECURITY_SELINUX_DEVELOP=y
diff --git a/kernel-x86_64-fedora.config b/kernel-x86_64-fedora.config
index aa9558a51..f7bb18370 100644
--- a/kernel-x86_64-fedora.config
+++ b/kernel-x86_64-fedora.config
@@ -1126,7 +1126,6 @@ CONFIG_CRYPTO_OFB=m
CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_PCRYPT=m
CONFIG_CRYPTO_POLY1305=m
-# CONFIG_CRYPTO_POLY1305_NEON is not set
CONFIG_CRYPTO_POLY1305_X86_64=m
CONFIG_CRYPTO_RMD128=m
CONFIG_CRYPTO_RMD160=m
@@ -3255,8 +3254,8 @@ CONFIG_LPC_ICH=m
CONFIG_LP_CONSOLE=y
CONFIG_LPC_SCH=m
CONFIG_LSI_ET1011C_PHY=m
-CONFIG_LSM_MMAP_MIN_ADDR=65536
-CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"
+CONFIG_LSM="lockdown,yama,integrity,selinux,bpf"
+CONFIG_LSM_MMAP_MIN_ADDR=65535
CONFIG_LTC1660=m
# CONFIG_LTC2471 is not set
# CONFIG_LTC2485 is not set
diff --git a/kernel-x86_64-rhel.config b/kernel-x86_64-rhel.config
index 574bcbf4e..f1393add7 100644
--- a/kernel-x86_64-rhel.config
+++ b/kernel-x86_64-rhel.config
@@ -451,7 +451,7 @@ CONFIG_BPF_EVENTS=y
CONFIG_BPF_JIT_ALWAYS_ON=y
CONFIG_BPF_JIT=y
# CONFIG_BPF_KPROBE_OVERRIDE is not set
-# CONFIG_BPF_LSM is not set
+CONFIG_BPF_LSM=y
# CONFIG_BPF_PRELOAD is not set
CONFIG_BPF_STREAM_PARSER=y
CONFIG_BPF_SYSCALL=y
@@ -828,7 +828,6 @@ CONFIG_CRYPTO_CBC=y
CONFIG_CRYPTO_CCM=m
# CONFIG_CRYPTO_CFB is not set
CONFIG_CRYPTO_CHACHA20=m
-CONFIG_CRYPTO_CHACHA20_NEON=m
CONFIG_CRYPTO_CHACHA20POLY1305=m
CONFIG_CRYPTO_CHACHA20_X86_64=m
CONFIG_CRYPTO_CMAC=m
@@ -916,13 +915,11 @@ CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_MICHAEL_MIC=m
CONFIG_CRYPTO_NHPOLY1305_AVX2=m
-CONFIG_CRYPTO_NHPOLY1305_NEON=m
CONFIG_CRYPTO_NHPOLY1305_SSE2=m
CONFIG_CRYPTO_OFB=m
CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_PCRYPT=m
CONFIG_CRYPTO_POLY1305=m
-# CONFIG_CRYPTO_POLY1305_NEON is not set
CONFIG_CRYPTO_POLY1305_X86_64=m
CONFIG_CRYPTO_RMD128=m
CONFIG_CRYPTO_RMD160=m
@@ -2825,6 +2822,9 @@ CONFIG_LOCALVERSION=""
# CONFIG_LOCALVERSION_AUTO is not set
CONFIG_LOCKD=m
CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y
+# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
+# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
+CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
CONFIG_LOCKD_V4=y
# CONFIG_LOCK_EVENT_COUNTS is not set
# CONFIG_LOCK_STAT is not set
@@ -2845,8 +2845,8 @@ CONFIG_LPC_ICH=m
# CONFIG_LP_CONSOLE is not set
CONFIG_LPC_SCH=m
CONFIG_LSI_ET1011C_PHY=m
+CONFIG_LSM="lockdown,yama,integrity,selinux,bpf"
CONFIG_LSM_MMAP_MIN_ADDR=65535
-CONFIG_LSM="yama,integrity,selinux"
# CONFIG_LTC1660 is not set
# CONFIG_LTC2471 is not set
# CONFIG_LTC2485 is not set
@@ -4706,13 +4706,13 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_INFINIBAND=y
# CONFIG_SECURITY_LOADPIN is not set
-# CONFIG_SECURITY_LOCKDOWN_LSM is not set
+CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
+CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_PATH is not set
# CONFIG_SECURITY_SAFESETID is not set
CONFIG_SECURITY_SELINUX_AVC_STATS=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
CONFIG_SECURITY_SELINUX_DEVELOP=y
diff --git a/kernel.spec b/kernel.spec
index 3795caa0c..f8bf32e33 100755
--- a/kernel.spec
+++ b/kernel.spec
@@ -70,7 +70,7 @@ Summary: The Linux kernel
# For a stable, released kernel, released_kernel should be 1.
%global released_kernel 0
-%global distro_build 0.rc4.20210324git7acac4b3196c.176
+%global distro_build 0.rc4.20210325gite138138003eb.177
%if 0%{?fedora}
%define secure_boot_arch x86_64
@@ -111,13 +111,13 @@ Summary: The Linux kernel
%endif
%define rpmversion 5.12.0
-%define pkgrelease 0.rc4.20210324git7acac4b3196c.176
+%define pkgrelease 0.rc4.20210325gite138138003eb.177
# This is needed to do merge window version magic
%define patchlevel 12
# allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 0.rc4.20210324git7acac4b3196c.176%{?buildid}%{?dist}
+%define specrelease 0.rc4.20210325gite138138003eb.177%{?buildid}%{?dist}
%define pkg_release %{specrelease}
@@ -624,7 +624,7 @@ BuildRequires: clang
# exact git commit you can run
#
# xzcat -qq ${TARBALL} | git get-tar-commit-id
-Source0: linux-20210324git7acac4b3196c.tar.xz
+Source0: linux-20210325gite138138003eb.tar.xz
Source1: Makefile.rhelver
@@ -1278,8 +1278,8 @@ ApplyOptionalPatch()
fi
}
-%setup -q -n kernel-20210324git7acac4b3196c -c
-mv linux-20210324git7acac4b3196c linux-%{KVERREL}
+%setup -q -n kernel-20210325gite138138003eb -c
+mv linux-20210325gite138138003eb linux-%{KVERREL}
cd linux-%{KVERREL}
cp -a %{SOURCE1} .
@@ -2793,6 +2793,11 @@ fi
#
#
%changelog
+* Thu Mar 25 2021 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.12.0-0.rc4.20210325gite138138003eb.177]
+- New configs in arch/powerpc (Fedora Kernel Team)
+- configs: enable BPF LSM on Fedora and ARK (Ondrej Mosnacek)
+- configs: clean up LSM configs (Ondrej Mosnacek)
+
* Wed Mar 24 2021 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.12.0-0.rc4.20210324git7acac4b3196c.176]
- New configs in drivers/platform (CKI@GitLab)
- New configs in drivers/firmware (CKI@GitLab)
diff --git a/patch-5.12.0-redhat.patch b/patch-5.12.0-redhat.patch
index d865f886d..b97ce5c86 100644
--- a/patch-5.12.0-redhat.patch
+++ b/patch-5.12.0-redhat.patch
@@ -2112,7 +2112,7 @@ index 320f1f3941b7..e3632573c1ed 100644
obj-$(CONFIG_MODULES) += kmod.o
obj-$(CONFIG_MULTIUSER) += groups.o
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
-index c859bc46d06c..1c6e78fa2b6d 100644
+index 250503482cda..dde01992df7e 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -24,6 +24,7 @@
@@ -2150,7 +2150,7 @@ index c859bc46d06c..1c6e78fa2b6d 100644
static const struct bpf_map_ops * const bpf_map_types[] = {
#define BPF_PROG_TYPE(_id, _name, prog_ctx_type, kern_ctx_type)
-@@ -4346,11 +4365,17 @@ static int bpf_prog_bind_map(union bpf_attr *attr)
+@@ -4351,11 +4370,17 @@ static int bpf_prog_bind_map(union bpf_attr *attr)
SYSCALL_DEFINE3(bpf, int, cmd, union bpf_attr __user *, uattr, unsigned int, size)
{
union bpf_attr attr;
diff --git a/sources b/sources
index 9ff69f0aa..f3d3ae807 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (linux-20210324git7acac4b3196c.tar.xz) = e569e8ed9287b4b70dd9b0a21075bf73f9710ef9de30fa58d82a79ade0f117fe003b11f40bd8579a11e6e7a80db132e65db89e0e57e4c3cee649175feaccc828
-SHA512 (kernel-abi-whitelists-5.12.0-0.rc4.20210324git7acac4b3196c.176.tar.bz2) = d05475da5df631a7e2d122b00ba3fb6e9e690d3d6feb2b9e64907f7b34bdc6d21a0b778240959b9d30d0097f7befcf088417241e8b766f75c7da9242a7736eeb
-SHA512 (kernel-kabi-dw-5.12.0-0.rc4.20210324git7acac4b3196c.176.tar.bz2) = 614a82ee5481afd7ee621963fa15e587b5e60de00d963dcc86ef2efd0007f402442d6e4b17a353b56860badeb7727d6a2ccb559d28c3f54c7bcfff1fcaf86178
+SHA512 (linux-20210325gite138138003eb.tar.xz) = 301e6898d11cff3befeff254412bd74b63652450f3937c96de12f2527f6a91bcfb514bdd775154ff8269aa7eb3dcb34b83ba9a4f1323026d78db072e7ce267ff
+SHA512 (kernel-abi-whitelists-5.12.0-0.rc4.20210325gite138138003eb.177.tar.bz2) = 542796b1b221a8d45871cbce579031675478a76cb3a647baa4c4ba6caf68b7be47250a8d8a873ff3294291c7d7aeb94c96dc5a0c27964349ea9a6f2847e86814
+SHA512 (kernel-kabi-dw-5.12.0-0.rc4.20210325gite138138003eb.177.tar.bz2) = b2638b88c46595dc96f6b236f38ca415eebfa3efd834de8840b77b460ce8afaac2b4e18ef77363a4d716f70a8b32c5d961c7f0489764e66abeff05adee6efc8e