summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJosh Boyer <jwboyer@fedoraproject.org>2015-03-02 10:14:15 -0500
committerJosh Boyer <jwboyer@fedoraproject.org>2015-03-02 10:16:47 -0500
commitebce054077d69a2ad55196985c64708a0601bbce (patch)
tree7c1b8f68213f26cf1e596beabc7b8d36b177690d
parente6b799b67d2dc6cc1491f78a1a89decfcaaf656b (diff)
downloadkernel-ebce054077d69a2ad55196985c64708a0601bbce.tar.gz
kernel-ebce054077d69a2ad55196985c64708a0601bbce.tar.xz
kernel-ebce054077d69a2ad55196985c64708a0601bbce.zip
Enable YAMA (rhbz 1196825)
-rw-r--r--config-generic3
-rw-r--r--kernel.spec9
-rw-r--r--security-yama-Remove-unnecessary-selects-from-Kconfi.patch28
3 files changed, 39 insertions, 1 deletions
diff --git a/config-generic b/config-generic
index 275aa230e..c02128580 100644
--- a/config-generic
+++ b/config-generic
@@ -4546,7 +4546,8 @@ CONFIG_SECURITY_SELINUX_AVC_STATS=y
# CONFIG_SECURITY_SMACK is not set
# CONFIG_SECURITY_TOMOYO is not set
# CONFIG_SECURITY_APPARMOR is not set
-# CONFIG_SECURITY_YAMA is not set
+CONFIG_SECURITY_YAMA=y
+CONFIG_SECURITY_YAMA_STACKED=y
CONFIG_AUDIT=y
CONFIG_AUDITSYSCALL=y
# http://lists.fedoraproject.org/pipermail/kernel/2013-February/004125.html
diff --git a/kernel.spec b/kernel.spec
index 4fc47f2cc..e2d82dc2c 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -623,6 +623,9 @@ Patch26138: ext4-Allocate-entire-range-in-zero-range.patch
#rhbz 1190947
Patch26139: Bluetooth-ath3k-Add-support-Atheros-AR5B195-combo-Mi.patch
+#rhbz 1196825
+Patch26140: security-yama-Remove-unnecessary-selects-from-Kconfi.patch
+
# git clone ssh://git.fedorahosted.org/git/kernel-arm64.git, git diff master...devel
Patch30000: kernel-arm64.patch
Patch30001: kernel-arm64-fix-psci-when-pg.patch
@@ -1355,6 +1358,9 @@ ApplyPatch ext4-Allocate-entire-range-in-zero-range.patch
#rhbz 1190947
ApplyPatch Bluetooth-ath3k-Add-support-Atheros-AR5B195-combo-Mi.patch
+#rhbz 1196825
+ApplyPatch security-yama-Remove-unnecessary-selects-from-Kconfi.patch
+
%if 0%{?aarch64patches}
ApplyPatch kernel-arm64.patch
%ifnarch aarch64 # this is stupid, but i want to notice before secondary koji does.
@@ -2215,6 +2221,9 @@ fi
#
#
%changelog
+* Mon Mar 02 2015 Josh Boyer <jwboyer@fedoraproject.org>
+- Enable YAMA (rhbz 1196825)
+
* Sat Feb 28 2015 Peter Robinson <pbrobinson@fedoraproject.org>
- ARMv7 OMAP updates, fix panda boot
diff --git a/security-yama-Remove-unnecessary-selects-from-Kconfi.patch b/security-yama-Remove-unnecessary-selects-from-Kconfi.patch
new file mode 100644
index 000000000..aa2a0d3c2
--- /dev/null
+++ b/security-yama-Remove-unnecessary-selects-from-Kconfi.patch
@@ -0,0 +1,28 @@
+From: Stephen Smalley <sds@tycho.nsa.gov>
+Date: Fri, 27 Feb 2015 16:23:59 -0500
+Subject: [PATCH] security/yama: Remove unnecessary selects from Kconfig.
+
+Yama selects SECURITYFS and SECURITY_PATH, but requires neither.
+Remove them.
+
+Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
+---
+ security/yama/Kconfig | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/security/yama/Kconfig b/security/yama/Kconfig
+index 20ef5143c0c0..3123e1da2fed 100644
+--- a/security/yama/Kconfig
++++ b/security/yama/Kconfig
+@@ -1,8 +1,6 @@
+ config SECURITY_YAMA
+ bool "Yama support"
+ depends on SECURITY
+- select SECURITYFS
+- select SECURITY_PATH
+ default n
+ help
+ This selects Yama, which extends DAC support with additional
+--
+2.1.0
+