diff options
27 files changed, 144 insertions, 130 deletions
diff --git a/Makefile.rhelver b/Makefile.rhelver index 8dfb22e9e..f7cbe41db 100644 --- a/Makefile.rhelver +++ b/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 99 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 176 +RHEL_RELEASE = 178 # # Early y+1 numbering diff --git a/kernel-aarch64-debug-fedora.config b/kernel-aarch64-debug-fedora.config index 5e555106b..8c98f47c8 100644 --- a/kernel-aarch64-debug-fedora.config +++ b/kernel-aarch64-debug-fedora.config @@ -3553,8 +3553,8 @@ CONFIG_LOOPBACK_TARGET=m CONFIG_LP_CONSOLE=y # CONFIG_LPC_SCH is not set CONFIG_LSI_ET1011C_PHY=m -CONFIG_LSM_MMAP_MIN_ADDR=65536 -CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" +CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_LTC1660=m # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set @@ -4762,6 +4762,7 @@ CONFIG_NUMA_BALANCING=y CONFIG_NUMA=y CONFIG_NVDIMM_DAX=y CONFIG_NVDIMM_PFN=y +CONFIG_NVIDIA_CARMEL_CNP_ERRATUM=y CONFIG_NVME_FC=m CONFIG_NVME_HWMON=y # CONFIG_NVMEM_IMX_IIM is not set diff --git a/kernel-aarch64-debug-rhel.config b/kernel-aarch64-debug-rhel.config index e544d94f3..f3434c01d 100644 --- a/kernel-aarch64-debug-rhel.config +++ b/kernel-aarch64-debug-rhel.config @@ -533,7 +533,7 @@ CONFIG_BPF_EVENTS=y CONFIG_BPF_JIT_ALWAYS_ON=y CONFIG_BPF_JIT=y # CONFIG_BPF_KPROBE_OVERRIDE is not set -# CONFIG_BPF_LSM is not set +CONFIG_BPF_LSM=y # CONFIG_BPF_PRELOAD is not set CONFIG_BPF_STREAM_PARSER=y CONFIG_BPF_SYSCALL=y @@ -1010,14 +1010,12 @@ CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MD4=m CONFIG_CRYPTO_MD5=y CONFIG_CRYPTO_MICHAEL_MIC=m -CONFIG_CRYPTO_NHPOLY1305_AVX2=m CONFIG_CRYPTO_NHPOLY1305_NEON=m -CONFIG_CRYPTO_NHPOLY1305_SSE2=m CONFIG_CRYPTO_OFB=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set +CONFIG_CRYPTO_POLY1305_NEON=m CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m @@ -2821,6 +2819,10 @@ CONFIG_LLC=m CONFIG_LOCALVERSION="" # CONFIG_LOCALVERSION_AUTO is not set CONFIG_LOCKD=m +# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set +CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y CONFIG_LOCKD_V4=y CONFIG_LOCK_EVENT_COUNTS=y # CONFIG_LOCK_STAT is not set @@ -2841,8 +2843,8 @@ CONFIG_LOOPBACK_TARGET=m # CONFIG_LP_CONSOLE is not set # CONFIG_LPC_SCH is not set CONFIG_LSI_ET1011C_PHY=m +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" CONFIG_LSM_MMAP_MIN_ADDR=65535 -CONFIG_LSM="yama,integrity,selinux" # CONFIG_LTC1660 is not set # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set @@ -3845,6 +3847,7 @@ CONFIG_NUMA_BALANCING=y CONFIG_NUMA=y CONFIG_NVDIMM_DAX=y CONFIG_NVDIMM_PFN=y +CONFIG_NVIDIA_CARMEL_CNP_ERRATUM=y CONFIG_NVME_FC=m # CONFIG_NVME_HWMON is not set # CONFIG_NVMEM_BCM_OCOTP is not set @@ -4746,13 +4749,13 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY_LOADPIN is not set -# CONFIG_SECURITY_LOCKDOWN_LSM is not set +CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y # CONFIG_SECURITY_PATH is not set # CONFIG_SECURITY_SAFESETID is not set CONFIG_SECURITY_SELINUX_AVC_STATS=y -CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1 CONFIG_SECURITY_SELINUX_BOOTPARAM=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 CONFIG_SECURITY_SELINUX_DEVELOP=y diff --git a/kernel-aarch64-fedora.config b/kernel-aarch64-fedora.config index 86ad13ece..3434a8c7b 100644 --- a/kernel-aarch64-fedora.config +++ b/kernel-aarch64-fedora.config @@ -3531,8 +3531,8 @@ CONFIG_LOOPBACK_TARGET=m CONFIG_LP_CONSOLE=y # CONFIG_LPC_SCH is not set CONFIG_LSI_ET1011C_PHY=m -CONFIG_LSM_MMAP_MIN_ADDR=65536 -CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" +CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_LTC1660=m # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set @@ -4739,6 +4739,7 @@ CONFIG_NUMA_BALANCING=y CONFIG_NUMA=y CONFIG_NVDIMM_DAX=y CONFIG_NVDIMM_PFN=y +CONFIG_NVIDIA_CARMEL_CNP_ERRATUM=y CONFIG_NVME_FC=m CONFIG_NVME_HWMON=y # CONFIG_NVMEM_IMX_IIM is not set diff --git a/kernel-aarch64-rhel.config b/kernel-aarch64-rhel.config index 875be5731..3df3c161c 100644 --- a/kernel-aarch64-rhel.config +++ b/kernel-aarch64-rhel.config @@ -533,7 +533,7 @@ CONFIG_BPF_EVENTS=y CONFIG_BPF_JIT_ALWAYS_ON=y CONFIG_BPF_JIT=y # CONFIG_BPF_KPROBE_OVERRIDE is not set -# CONFIG_BPF_LSM is not set +CONFIG_BPF_LSM=y # CONFIG_BPF_PRELOAD is not set CONFIG_BPF_STREAM_PARSER=y CONFIG_BPF_SYSCALL=y @@ -1010,14 +1010,12 @@ CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MD4=m CONFIG_CRYPTO_MD5=y CONFIG_CRYPTO_MICHAEL_MIC=m -CONFIG_CRYPTO_NHPOLY1305_AVX2=m CONFIG_CRYPTO_NHPOLY1305_NEON=m -CONFIG_CRYPTO_NHPOLY1305_SSE2=m CONFIG_CRYPTO_OFB=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set +CONFIG_CRYPTO_POLY1305_NEON=m CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m @@ -2801,6 +2799,10 @@ CONFIG_LLC=m CONFIG_LOCALVERSION="" # CONFIG_LOCALVERSION_AUTO is not set CONFIG_LOCKD=m +# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set +CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y CONFIG_LOCKD_V4=y # CONFIG_LOCK_EVENT_COUNTS is not set # CONFIG_LOCK_STAT is not set @@ -2821,8 +2823,8 @@ CONFIG_LOOPBACK_TARGET=m # CONFIG_LP_CONSOLE is not set # CONFIG_LPC_SCH is not set CONFIG_LSI_ET1011C_PHY=m +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" CONFIG_LSM_MMAP_MIN_ADDR=65535 -CONFIG_LSM="yama,integrity,selinux" # CONFIG_LTC1660 is not set # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set @@ -3825,6 +3827,7 @@ CONFIG_NUMA_BALANCING=y CONFIG_NUMA=y CONFIG_NVDIMM_DAX=y CONFIG_NVDIMM_PFN=y +CONFIG_NVIDIA_CARMEL_CNP_ERRATUM=y CONFIG_NVME_FC=m # CONFIG_NVME_HWMON is not set # CONFIG_NVMEM_BCM_OCOTP is not set @@ -4725,13 +4728,13 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY_LOADPIN is not set -# CONFIG_SECURITY_LOCKDOWN_LSM is not set +CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y # CONFIG_SECURITY_PATH is not set # CONFIG_SECURITY_SAFESETID is not set CONFIG_SECURITY_SELINUX_AVC_STATS=y -CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1 CONFIG_SECURITY_SELINUX_BOOTPARAM=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 CONFIG_SECURITY_SELINUX_DEVELOP=y diff --git a/kernel-armv7hl-debug-fedora.config b/kernel-armv7hl-debug-fedora.config index 14de6e846..dee8218ee 100644 --- a/kernel-armv7hl-debug-fedora.config +++ b/kernel-armv7hl-debug-fedora.config @@ -1385,7 +1385,6 @@ CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305_ARM=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m @@ -3599,8 +3598,8 @@ CONFIG_LOOPBACK_TARGET=m CONFIG_LP_CONSOLE=y # CONFIG_LPC_SCH is not set CONFIG_LSI_ET1011C_PHY=m +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" CONFIG_LSM_MMAP_MIN_ADDR=32768 -CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" CONFIG_LTC1660=m # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set @@ -4839,6 +4838,7 @@ CONFIG_NS83820=m CONFIG_NULL_TTY=m CONFIG_NVEC_PAZ00=y CONFIG_NVEC_POWER=y +CONFIG_NVIDIA_CARMEL_CNP_ERRATUM=y CONFIG_NVME_FC=m CONFIG_NVME_HWMON=y CONFIG_NVMEM_IMX_IIM=m diff --git a/kernel-armv7hl-fedora.config b/kernel-armv7hl-fedora.config index 5c897e759..d876c9416 100644 --- a/kernel-armv7hl-fedora.config +++ b/kernel-armv7hl-fedora.config @@ -1385,7 +1385,6 @@ CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305_ARM=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m @@ -3578,8 +3577,8 @@ CONFIG_LOOPBACK_TARGET=m CONFIG_LP_CONSOLE=y # CONFIG_LPC_SCH is not set CONFIG_LSI_ET1011C_PHY=m +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" CONFIG_LSM_MMAP_MIN_ADDR=32768 -CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" CONFIG_LTC1660=m # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set @@ -4817,6 +4816,7 @@ CONFIG_NS83820=m CONFIG_NULL_TTY=m CONFIG_NVEC_PAZ00=y CONFIG_NVEC_POWER=y +CONFIG_NVIDIA_CARMEL_CNP_ERRATUM=y CONFIG_NVME_FC=m CONFIG_NVME_HWMON=y CONFIG_NVMEM_IMX_IIM=m diff --git a/kernel-armv7hl-lpae-debug-fedora.config b/kernel-armv7hl-lpae-debug-fedora.config index 892b17292..a539eea4d 100644 --- a/kernel-armv7hl-lpae-debug-fedora.config +++ b/kernel-armv7hl-lpae-debug-fedora.config @@ -1355,7 +1355,6 @@ CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305_ARM=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m @@ -3525,8 +3524,8 @@ CONFIG_LOOPBACK_TARGET=m CONFIG_LP_CONSOLE=y # CONFIG_LPC_SCH is not set CONFIG_LSI_ET1011C_PHY=m +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" CONFIG_LSM_MMAP_MIN_ADDR=32768 -CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" CONFIG_LTC1660=m # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set @@ -4733,6 +4732,7 @@ CONFIG_NS83820=m # CONFIG_NTB is not set # CONFIG_NTFS_FS is not set CONFIG_NULL_TTY=m +CONFIG_NVIDIA_CARMEL_CNP_ERRATUM=y CONFIG_NVME_FC=m CONFIG_NVME_HWMON=y CONFIG_NVMEM_IMX_IIM=m diff --git a/kernel-armv7hl-lpae-fedora.config b/kernel-armv7hl-lpae-fedora.config index 67f146985..4b2effd6e 100644 --- a/kernel-armv7hl-lpae-fedora.config +++ b/kernel-armv7hl-lpae-fedora.config @@ -1355,7 +1355,6 @@ CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305_ARM=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m @@ -3504,8 +3503,8 @@ CONFIG_LOOPBACK_TARGET=m CONFIG_LP_CONSOLE=y # CONFIG_LPC_SCH is not set CONFIG_LSI_ET1011C_PHY=m +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" CONFIG_LSM_MMAP_MIN_ADDR=32768 -CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" CONFIG_LTC1660=m # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set @@ -4711,6 +4710,7 @@ CONFIG_NS83820=m # CONFIG_NTB is not set # CONFIG_NTFS_FS is not set CONFIG_NULL_TTY=m +CONFIG_NVIDIA_CARMEL_CNP_ERRATUM=y CONFIG_NVME_FC=m CONFIG_NVME_HWMON=y CONFIG_NVMEM_IMX_IIM=m diff --git a/kernel-i686-debug-fedora.config b/kernel-i686-debug-fedora.config index d7fdfb76a..877ad2689 100644 --- a/kernel-i686-debug-fedora.config +++ b/kernel-i686-debug-fedora.config @@ -1093,14 +1093,11 @@ CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MD4=m CONFIG_CRYPTO_MD5=y CONFIG_CRYPTO_MICHAEL_MIC=m -CONFIG_CRYPTO_NHPOLY1305_AVX2=m -CONFIG_CRYPTO_NHPOLY1305_SSE2=m CONFIG_CRYPTO_NULL=y CONFIG_CRYPTO_OFB=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m @@ -3227,8 +3224,8 @@ CONFIG_LPC_ICH=m CONFIG_LP_CONSOLE=y CONFIG_LPC_SCH=m CONFIG_LSI_ET1011C_PHY=m -CONFIG_LSM_MMAP_MIN_ADDR=65536 -CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" +CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_LTC1660=m # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set @@ -4371,6 +4368,7 @@ CONFIG_NSC_GPIO=m # CONFIG_NTFS_FS is not set CONFIG_NULL_TTY=m # CONFIG_NUMA is not set +CONFIG_NVIDIA_CARMEL_CNP_ERRATUM=y CONFIG_NVME_FC=m CONFIG_NVME_HWMON=y # CONFIG_NVMEM_REBOOT_MODE is not set diff --git a/kernel-i686-fedora.config b/kernel-i686-fedora.config index accadeb33..9ca6b6c06 100644 --- a/kernel-i686-fedora.config +++ b/kernel-i686-fedora.config @@ -1092,14 +1092,11 @@ CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MD4=m CONFIG_CRYPTO_MD5=y CONFIG_CRYPTO_MICHAEL_MIC=m -CONFIG_CRYPTO_NHPOLY1305_AVX2=m -CONFIG_CRYPTO_NHPOLY1305_SSE2=m CONFIG_CRYPTO_NULL=y CONFIG_CRYPTO_OFB=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m @@ -3205,8 +3202,8 @@ CONFIG_LPC_ICH=m CONFIG_LP_CONSOLE=y CONFIG_LPC_SCH=m CONFIG_LSI_ET1011C_PHY=m -CONFIG_LSM_MMAP_MIN_ADDR=65536 -CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" +CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_LTC1660=m # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set @@ -4349,6 +4346,7 @@ CONFIG_NSC_GPIO=m # CONFIG_NTFS_FS is not set CONFIG_NULL_TTY=m # CONFIG_NUMA is not set +CONFIG_NVIDIA_CARMEL_CNP_ERRATUM=y CONFIG_NVME_FC=m CONFIG_NVME_HWMON=y # CONFIG_NVMEM_REBOOT_MODE is not set diff --git a/kernel-ppc64le-debug-fedora.config b/kernel-ppc64le-debug-fedora.config index 45042c0bb..d3c648e2e 100644 --- a/kernel-ppc64le-debug-fedora.config +++ b/kernel-ppc64le-debug-fedora.config @@ -1038,7 +1038,6 @@ CONFIG_CRYPTO_OFB=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m @@ -2984,8 +2983,8 @@ CONFIG_LPARCFG=y CONFIG_LP_CONSOLE=y # CONFIG_LPC_SCH is not set CONFIG_LSI_ET1011C_PHY=m -CONFIG_LSM_MMAP_MIN_ADDR=65536 -CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" +CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_LTC1660=m # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set @@ -4095,6 +4094,7 @@ CONFIG_NUMA_BALANCING=y CONFIG_NUMA=y CONFIG_NVDIMM_DAX=y CONFIG_NVDIMM_PFN=y +CONFIG_NVIDIA_CARMEL_CNP_ERRATUM=y CONFIG_NVME_FC=m CONFIG_NVME_HWMON=y # CONFIG_NVMEM_REBOOT_MODE is not set diff --git a/kernel-ppc64le-debug-rhel.config b/kernel-ppc64le-debug-rhel.config index 2743dc425..c704ba9b0 100644 --- a/kernel-ppc64le-debug-rhel.config +++ b/kernel-ppc64le-debug-rhel.config @@ -424,7 +424,7 @@ CONFIG_BPF_EVENTS=y CONFIG_BPF_JIT_ALWAYS_ON=y CONFIG_BPF_JIT=y # CONFIG_BPF_KPROBE_OVERRIDE is not set -# CONFIG_BPF_LSM is not set +CONFIG_BPF_LSM=y # CONFIG_BPF_PRELOAD is not set CONFIG_BPF_STREAM_PARSER=y CONFIG_BPF_SYSCALL=y @@ -795,8 +795,7 @@ CONFIG_CRYPTO_CBC=y CONFIG_CRYPTO_CCM=m # CONFIG_CRYPTO_CFB is not set CONFIG_CRYPTO_CHACHA20=m -CONFIG_CRYPTO_CHACHA20_NEON=m -# CONFIG_CRYPTO_CHACHA20POLY1305 is not set +CONFIG_CRYPTO_CHACHA20POLY1305=m CONFIG_CRYPTO_CMAC=m # CONFIG_CRYPTO_CRC32C_VPMSUM is not set CONFIG_CRYPTO_CRC32C=y @@ -871,14 +870,10 @@ CONFIG_CRYPTO_MD4=m # CONFIG_CRYPTO_MD5_PPC is not set CONFIG_CRYPTO_MD5=y CONFIG_CRYPTO_MICHAEL_MIC=m -CONFIG_CRYPTO_NHPOLY1305_AVX2=m -CONFIG_CRYPTO_NHPOLY1305_NEON=m -CONFIG_CRYPTO_NHPOLY1305_SSE2=m CONFIG_CRYPTO_OFB=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m @@ -2679,6 +2674,10 @@ CONFIG_LLC=m CONFIG_LOCALVERSION="" # CONFIG_LOCALVERSION_AUTO is not set CONFIG_LOCKD=m +# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set +CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y CONFIG_LOCKD_V4=y CONFIG_LOCK_EVENT_COUNTS=y CONFIG_LOCK_STAT=y @@ -2700,8 +2699,8 @@ CONFIG_LPARCFG=y # CONFIG_LP_CONSOLE is not set # CONFIG_LPC_SCH is not set CONFIG_LSI_ET1011C_PHY=m +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" CONFIG_LSM_MMAP_MIN_ADDR=65535 -CONFIG_LSM="yama,integrity,selinux" # CONFIG_LTC1660 is not set # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set @@ -3686,6 +3685,7 @@ CONFIG_NUMA_BALANCING=y CONFIG_NUMA=y CONFIG_NVDIMM_DAX=y CONFIG_NVDIMM_PFN=y +CONFIG_NVIDIA_CARMEL_CNP_ERRATUM=y CONFIG_NVME_FC=m # CONFIG_NVME_HWMON is not set # CONFIG_NVMEM_REBOOT_MODE is not set @@ -4573,13 +4573,13 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY_LOADPIN is not set -# CONFIG_SECURITY_LOCKDOWN_LSM is not set +CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y # CONFIG_SECURITY_PATH is not set # CONFIG_SECURITY_SAFESETID is not set CONFIG_SECURITY_SELINUX_AVC_STATS=y -CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1 CONFIG_SECURITY_SELINUX_BOOTPARAM=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 CONFIG_SECURITY_SELINUX_DEVELOP=y diff --git a/kernel-ppc64le-fedora.config b/kernel-ppc64le-fedora.config index ce13755e9..34d67e16e 100644 --- a/kernel-ppc64le-fedora.config +++ b/kernel-ppc64le-fedora.config @@ -1037,7 +1037,6 @@ CONFIG_CRYPTO_OFB=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m @@ -2962,8 +2961,8 @@ CONFIG_LPARCFG=y CONFIG_LP_CONSOLE=y # CONFIG_LPC_SCH is not set CONFIG_LSI_ET1011C_PHY=m -CONFIG_LSM_MMAP_MIN_ADDR=65536 -CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" +CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_LTC1660=m # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set @@ -4072,6 +4071,7 @@ CONFIG_NUMA_BALANCING=y CONFIG_NUMA=y CONFIG_NVDIMM_DAX=y CONFIG_NVDIMM_PFN=y +CONFIG_NVIDIA_CARMEL_CNP_ERRATUM=y CONFIG_NVME_FC=m CONFIG_NVME_HWMON=y # CONFIG_NVMEM_REBOOT_MODE is not set diff --git a/kernel-ppc64le-rhel.config b/kernel-ppc64le-rhel.config index 989d129ac..4d0ea7a26 100644 --- a/kernel-ppc64le-rhel.config +++ b/kernel-ppc64le-rhel.config @@ -424,7 +424,7 @@ CONFIG_BPF_EVENTS=y CONFIG_BPF_JIT_ALWAYS_ON=y CONFIG_BPF_JIT=y # CONFIG_BPF_KPROBE_OVERRIDE is not set -# CONFIG_BPF_LSM is not set +CONFIG_BPF_LSM=y # CONFIG_BPF_PRELOAD is not set CONFIG_BPF_STREAM_PARSER=y CONFIG_BPF_SYSCALL=y @@ -795,8 +795,7 @@ CONFIG_CRYPTO_CBC=y CONFIG_CRYPTO_CCM=m # CONFIG_CRYPTO_CFB is not set CONFIG_CRYPTO_CHACHA20=m -CONFIG_CRYPTO_CHACHA20_NEON=m -# CONFIG_CRYPTO_CHACHA20POLY1305 is not set +CONFIG_CRYPTO_CHACHA20POLY1305=m CONFIG_CRYPTO_CMAC=m # CONFIG_CRYPTO_CRC32C_VPMSUM is not set CONFIG_CRYPTO_CRC32C=y @@ -871,14 +870,10 @@ CONFIG_CRYPTO_MD4=m # CONFIG_CRYPTO_MD5_PPC is not set CONFIG_CRYPTO_MD5=y CONFIG_CRYPTO_MICHAEL_MIC=m -CONFIG_CRYPTO_NHPOLY1305_AVX2=m -CONFIG_CRYPTO_NHPOLY1305_NEON=m -CONFIG_CRYPTO_NHPOLY1305_SSE2=m CONFIG_CRYPTO_OFB=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m @@ -2662,6 +2657,10 @@ CONFIG_LLC=m CONFIG_LOCALVERSION="" # CONFIG_LOCALVERSION_AUTO is not set CONFIG_LOCKD=m +# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set +CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y CONFIG_LOCKD_V4=y # CONFIG_LOCK_EVENT_COUNTS is not set # CONFIG_LOCK_STAT is not set @@ -2683,8 +2682,8 @@ CONFIG_LPARCFG=y # CONFIG_LP_CONSOLE is not set # CONFIG_LPC_SCH is not set CONFIG_LSI_ET1011C_PHY=m +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" CONFIG_LSM_MMAP_MIN_ADDR=65535 -CONFIG_LSM="yama,integrity,selinux" # CONFIG_LTC1660 is not set # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set @@ -3669,6 +3668,7 @@ CONFIG_NUMA_BALANCING=y CONFIG_NUMA=y CONFIG_NVDIMM_DAX=y CONFIG_NVDIMM_PFN=y +CONFIG_NVIDIA_CARMEL_CNP_ERRATUM=y CONFIG_NVME_FC=m # CONFIG_NVME_HWMON is not set # CONFIG_NVMEM_REBOOT_MODE is not set @@ -4556,13 +4556,13 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY_LOADPIN is not set -# CONFIG_SECURITY_LOCKDOWN_LSM is not set +CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y # CONFIG_SECURITY_PATH is not set # CONFIG_SECURITY_SAFESETID is not set CONFIG_SECURITY_SELINUX_AVC_STATS=y -CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1 CONFIG_SECURITY_SELINUX_BOOTPARAM=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 CONFIG_SECURITY_SELINUX_DEVELOP=y diff --git a/kernel-s390x-debug-fedora.config b/kernel-s390x-debug-fedora.config index 427a3ab72..682aeca53 100644 --- a/kernel-s390x-debug-fedora.config +++ b/kernel-s390x-debug-fedora.config @@ -1040,7 +1040,6 @@ CONFIG_CRYPTO_PAES_S390=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m @@ -2957,8 +2956,8 @@ CONFIG_LOOPBACK_TARGET=m CONFIG_LP_CONSOLE=y # CONFIG_LPC_SCH is not set CONFIG_LSI_ET1011C_PHY=m -CONFIG_LSM_MMAP_MIN_ADDR=65536 -CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" +CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_LTC1660=m # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set @@ -4065,6 +4064,7 @@ CONFIG_NULL_TTY=m CONFIG_NUMA_BALANCING=y CONFIG_NUMA_EMU=y CONFIG_NUMA=y +CONFIG_NVIDIA_CARMEL_CNP_ERRATUM=y CONFIG_NVME_FC=m CONFIG_NVME_HWMON=y # CONFIG_NVMEM_REBOOT_MODE is not set diff --git a/kernel-s390x-debug-rhel.config b/kernel-s390x-debug-rhel.config index 44108c554..9da3c6b59 100644 --- a/kernel-s390x-debug-rhel.config +++ b/kernel-s390x-debug-rhel.config @@ -424,7 +424,7 @@ CONFIG_BPF_EVENTS=y CONFIG_BPF_JIT_ALWAYS_ON=y CONFIG_BPF_JIT=y # CONFIG_BPF_KPROBE_OVERRIDE is not set -# CONFIG_BPF_LSM is not set +CONFIG_BPF_LSM=y # CONFIG_BPF_PRELOAD is not set CONFIG_BPF_STREAM_PARSER=y CONFIG_BPF_SYSCALL=y @@ -796,7 +796,6 @@ CONFIG_CRYPTO_CBC=y CONFIG_CRYPTO_CCM=m # CONFIG_CRYPTO_CFB is not set CONFIG_CRYPTO_CHACHA20=m -CONFIG_CRYPTO_CHACHA20_NEON=m CONFIG_CRYPTO_CHACHA20POLY1305=m CONFIG_CRYPTO_CMAC=m # CONFIG_CRYPTO_CRC32C_VPMSUM is not set @@ -868,15 +867,11 @@ CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MD4=m CONFIG_CRYPTO_MD5=y CONFIG_CRYPTO_MICHAEL_MIC=m -CONFIG_CRYPTO_NHPOLY1305_AVX2=m -CONFIG_CRYPTO_NHPOLY1305_NEON=m -CONFIG_CRYPTO_NHPOLY1305_SSE2=m CONFIG_CRYPTO_OFB=m CONFIG_CRYPTO_PAES_S390=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m @@ -2650,6 +2645,10 @@ CONFIG_LLC=m CONFIG_LOCALVERSION="" # CONFIG_LOCALVERSION_AUTO is not set CONFIG_LOCKD=m +# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set +CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y CONFIG_LOCKD_V4=y CONFIG_LOCK_EVENT_COUNTS=y CONFIG_LOCK_STAT=y @@ -2670,8 +2669,8 @@ CONFIG_LOOPBACK_TARGET=m # CONFIG_LP_CONSOLE is not set # CONFIG_LPC_SCH is not set # CONFIG_LSI_ET1011C_PHY is not set +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" CONFIG_LSM_MMAP_MIN_ADDR=65535 -CONFIG_LSM="yama,integrity,selinux" # CONFIG_LTC1660 is not set # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set @@ -3662,6 +3661,7 @@ CONFIG_NUMA_BALANCING_DEFAULT_ENABLED=y CONFIG_NUMA=y CONFIG_NVDIMM_DAX=y CONFIG_NVDIMM_PFN=y +CONFIG_NVIDIA_CARMEL_CNP_ERRATUM=y CONFIG_NVME_FC=m # CONFIG_NVME_HWMON is not set # CONFIG_NVMEM_REBOOT_MODE is not set @@ -4521,13 +4521,13 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY_LOADPIN is not set -# CONFIG_SECURITY_LOCKDOWN_LSM is not set +CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y # CONFIG_SECURITY_PATH is not set # CONFIG_SECURITY_SAFESETID is not set CONFIG_SECURITY_SELINUX_AVC_STATS=y -CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1 CONFIG_SECURITY_SELINUX_BOOTPARAM=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 CONFIG_SECURITY_SELINUX_DEVELOP=y diff --git a/kernel-s390x-fedora.config b/kernel-s390x-fedora.config index 2151fa4bf..89f70d957 100644 --- a/kernel-s390x-fedora.config +++ b/kernel-s390x-fedora.config @@ -1039,7 +1039,6 @@ CONFIG_CRYPTO_PAES_S390=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m @@ -2935,8 +2934,8 @@ CONFIG_LOOPBACK_TARGET=m CONFIG_LP_CONSOLE=y # CONFIG_LPC_SCH is not set CONFIG_LSI_ET1011C_PHY=m -CONFIG_LSM_MMAP_MIN_ADDR=65536 -CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" +CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_LTC1660=m # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set @@ -4042,6 +4041,7 @@ CONFIG_NULL_TTY=m CONFIG_NUMA_BALANCING=y CONFIG_NUMA_EMU=y CONFIG_NUMA=y +CONFIG_NVIDIA_CARMEL_CNP_ERRATUM=y CONFIG_NVME_FC=m CONFIG_NVME_HWMON=y # CONFIG_NVMEM_REBOOT_MODE is not set diff --git a/kernel-s390x-rhel.config b/kernel-s390x-rhel.config index 46046561a..089ed7ec0 100644 --- a/kernel-s390x-rhel.config +++ b/kernel-s390x-rhel.config @@ -424,7 +424,7 @@ CONFIG_BPF_EVENTS=y CONFIG_BPF_JIT_ALWAYS_ON=y CONFIG_BPF_JIT=y # CONFIG_BPF_KPROBE_OVERRIDE is not set -# CONFIG_BPF_LSM is not set +CONFIG_BPF_LSM=y # CONFIG_BPF_PRELOAD is not set CONFIG_BPF_STREAM_PARSER=y CONFIG_BPF_SYSCALL=y @@ -796,7 +796,6 @@ CONFIG_CRYPTO_CBC=y CONFIG_CRYPTO_CCM=m # CONFIG_CRYPTO_CFB is not set CONFIG_CRYPTO_CHACHA20=m -CONFIG_CRYPTO_CHACHA20_NEON=m CONFIG_CRYPTO_CHACHA20POLY1305=m CONFIG_CRYPTO_CMAC=m # CONFIG_CRYPTO_CRC32C_VPMSUM is not set @@ -868,15 +867,11 @@ CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MD4=m CONFIG_CRYPTO_MD5=y CONFIG_CRYPTO_MICHAEL_MIC=m -CONFIG_CRYPTO_NHPOLY1305_AVX2=m -CONFIG_CRYPTO_NHPOLY1305_NEON=m -CONFIG_CRYPTO_NHPOLY1305_SSE2=m CONFIG_CRYPTO_OFB=m CONFIG_CRYPTO_PAES_S390=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m @@ -2633,6 +2628,10 @@ CONFIG_LLC=m CONFIG_LOCALVERSION="" # CONFIG_LOCALVERSION_AUTO is not set CONFIG_LOCKD=m +# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set +CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y CONFIG_LOCKD_V4=y # CONFIG_LOCK_EVENT_COUNTS is not set # CONFIG_LOCK_STAT is not set @@ -2653,8 +2652,8 @@ CONFIG_LOOPBACK_TARGET=m # CONFIG_LP_CONSOLE is not set # CONFIG_LPC_SCH is not set # CONFIG_LSI_ET1011C_PHY is not set +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" CONFIG_LSM_MMAP_MIN_ADDR=65535 -CONFIG_LSM="yama,integrity,selinux" # CONFIG_LTC1660 is not set # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set @@ -3645,6 +3644,7 @@ CONFIG_NUMA_BALANCING_DEFAULT_ENABLED=y CONFIG_NUMA=y CONFIG_NVDIMM_DAX=y CONFIG_NVDIMM_PFN=y +CONFIG_NVIDIA_CARMEL_CNP_ERRATUM=y CONFIG_NVME_FC=m # CONFIG_NVME_HWMON is not set # CONFIG_NVMEM_REBOOT_MODE is not set @@ -4504,13 +4504,13 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY_LOADPIN is not set -# CONFIG_SECURITY_LOCKDOWN_LSM is not set +CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y # CONFIG_SECURITY_PATH is not set # CONFIG_SECURITY_SAFESETID is not set CONFIG_SECURITY_SELINUX_AVC_STATS=y -CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1 CONFIG_SECURITY_SELINUX_BOOTPARAM=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 CONFIG_SECURITY_SELINUX_DEVELOP=y diff --git a/kernel-s390x-zfcpdump-rhel.config b/kernel-s390x-zfcpdump-rhel.config index 2053638e9..ba7b3637d 100644 --- a/kernel-s390x-zfcpdump-rhel.config +++ b/kernel-s390x-zfcpdump-rhel.config @@ -428,7 +428,7 @@ CONFIG_BPF_EVENTS=y CONFIG_BPF_JIT_ALWAYS_ON=y CONFIG_BPF_JIT=y # CONFIG_BPF_KPROBE_OVERRIDE is not set -# CONFIG_BPF_LSM is not set +CONFIG_BPF_LSM=y # CONFIG_BPF_PRELOAD is not set CONFIG_BPF_STREAM_PARSER=y # CONFIG_BPF_SYSCALL is not set @@ -800,7 +800,6 @@ CONFIG_CRYPTO_CAST6=y CONFIG_CRYPTO_CBC=y # CONFIG_CRYPTO_CCM is not set # CONFIG_CRYPTO_CFB is not set -CONFIG_CRYPTO_CHACHA20_NEON=m CONFIG_CRYPTO_CHACHA20POLY1305=y CONFIG_CRYPTO_CHACHA20=y CONFIG_CRYPTO_CMAC=y @@ -873,14 +872,10 @@ CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MD4=y # CONFIG_CRYPTO_MD5 is not set CONFIG_CRYPTO_MICHAEL_MIC=y -CONFIG_CRYPTO_NHPOLY1305_AVX2=m -CONFIG_CRYPTO_NHPOLY1305_NEON=m -CONFIG_CRYPTO_NHPOLY1305_SSE2=m CONFIG_CRYPTO_OFB=y CONFIG_CRYPTO_PAES_S390=m CONFIG_CRYPTO_PCBC=y CONFIG_CRYPTO_PCRYPT=y -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_POLY1305=y CONFIG_CRYPTO_RMD128=y CONFIG_CRYPTO_RMD160=y @@ -2653,6 +2648,10 @@ CONFIG_LOCALVERSION="" CONFIG_LOCALVERSION_AUTO=y # CONFIG_LOCKDEP is not set CONFIG_LOCKD=m +# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set +CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y CONFIG_LOCKD_V4=y # CONFIG_LOCK_EVENT_COUNTS is not set # CONFIG_LOCK_STAT is not set @@ -2673,8 +2672,8 @@ CONFIG_LOOPBACK_TARGET=y # CONFIG_LP_CONSOLE is not set # CONFIG_LPC_SCH is not set # CONFIG_LSI_ET1011C_PHY is not set +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" CONFIG_LSM_MMAP_MIN_ADDR=65535 -CONFIG_LSM="yama,integrity,selinux" # CONFIG_LTC1660 is not set # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set @@ -3668,6 +3667,7 @@ CONFIG_NUMA_BALANCING_DEFAULT_ENABLED=y # CONFIG_NUMA is not set CONFIG_NVDIMM_DAX=y CONFIG_NVDIMM_PFN=y +CONFIG_NVIDIA_CARMEL_CNP_ERRATUM=y # CONFIG_NVME_FC is not set # CONFIG_NVME_HWMON is not set # CONFIG_NVMEM_REBOOT_MODE is not set @@ -4533,13 +4533,13 @@ CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY is not set # CONFIG_SECURITY_LOADPIN is not set -# CONFIG_SECURITY_LOCKDOWN_LSM is not set +CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y # CONFIG_SECURITY_PATH is not set # CONFIG_SECURITY_SAFESETID is not set CONFIG_SECURITY_SELINUX_AVC_STATS=y -CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1 CONFIG_SECURITY_SELINUX_BOOTPARAM=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 CONFIG_SECURITY_SELINUX_DEVELOP=y diff --git a/kernel-x86_64-debug-fedora.config b/kernel-x86_64-debug-fedora.config index 51203e963..c01c33d85 100644 --- a/kernel-x86_64-debug-fedora.config +++ b/kernel-x86_64-debug-fedora.config @@ -1127,7 +1127,6 @@ CONFIG_CRYPTO_OFB=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_POLY1305_X86_64=m CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m @@ -3277,8 +3276,8 @@ CONFIG_LPC_ICH=m CONFIG_LP_CONSOLE=y CONFIG_LPC_SCH=m CONFIG_LSI_ET1011C_PHY=m -CONFIG_LSM_MMAP_MIN_ADDR=65536 -CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" +CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_LTC1660=m # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set @@ -4421,6 +4420,7 @@ CONFIG_NUMA_BALANCING=y CONFIG_NUMA=y CONFIG_NVDIMM_DAX=y CONFIG_NVDIMM_PFN=y +CONFIG_NVIDIA_CARMEL_CNP_ERRATUM=y CONFIG_NVME_FC=m CONFIG_NVME_HWMON=y # CONFIG_NVMEM_REBOOT_MODE is not set diff --git a/kernel-x86_64-debug-rhel.config b/kernel-x86_64-debug-rhel.config index 46428270e..af542ecce 100644 --- a/kernel-x86_64-debug-rhel.config +++ b/kernel-x86_64-debug-rhel.config @@ -451,7 +451,7 @@ CONFIG_BPF_EVENTS=y CONFIG_BPF_JIT_ALWAYS_ON=y CONFIG_BPF_JIT=y # CONFIG_BPF_KPROBE_OVERRIDE is not set -# CONFIG_BPF_LSM is not set +CONFIG_BPF_LSM=y # CONFIG_BPF_PRELOAD is not set CONFIG_BPF_STREAM_PARSER=y CONFIG_BPF_SYSCALL=y @@ -828,7 +828,6 @@ CONFIG_CRYPTO_CBC=y CONFIG_CRYPTO_CCM=m # CONFIG_CRYPTO_CFB is not set CONFIG_CRYPTO_CHACHA20=m -CONFIG_CRYPTO_CHACHA20_NEON=m CONFIG_CRYPTO_CHACHA20POLY1305=m CONFIG_CRYPTO_CHACHA20_X86_64=m CONFIG_CRYPTO_CMAC=m @@ -916,13 +915,11 @@ CONFIG_CRYPTO_MD4=m CONFIG_CRYPTO_MD5=y CONFIG_CRYPTO_MICHAEL_MIC=m CONFIG_CRYPTO_NHPOLY1305_AVX2=m -CONFIG_CRYPTO_NHPOLY1305_NEON=m CONFIG_CRYPTO_NHPOLY1305_SSE2=m CONFIG_CRYPTO_OFB=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_POLY1305_X86_64=m CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m @@ -2844,6 +2841,9 @@ CONFIG_LOCALVERSION="" # CONFIG_LOCALVERSION_AUTO is not set CONFIG_LOCKD=m CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y +# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set +CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y CONFIG_LOCKD_V4=y CONFIG_LOCK_EVENT_COUNTS=y CONFIG_LOCK_STAT=y @@ -2864,8 +2864,8 @@ CONFIG_LPC_ICH=m # CONFIG_LP_CONSOLE is not set CONFIG_LPC_SCH=m CONFIG_LSI_ET1011C_PHY=m +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" CONFIG_LSM_MMAP_MIN_ADDR=65535 -CONFIG_LSM="yama,integrity,selinux" # CONFIG_LTC1660 is not set # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set @@ -3863,6 +3863,7 @@ CONFIG_NUMA_EMU=y CONFIG_NUMA=y CONFIG_NVDIMM_DAX=y CONFIG_NVDIMM_PFN=y +CONFIG_NVIDIA_CARMEL_CNP_ERRATUM=y CONFIG_NVME_FC=m # CONFIG_NVME_HWMON is not set # CONFIG_NVMEM_REBOOT_MODE is not set @@ -4726,13 +4727,13 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY_LOADPIN is not set -# CONFIG_SECURITY_LOCKDOWN_LSM is not set +CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y # CONFIG_SECURITY_PATH is not set # CONFIG_SECURITY_SAFESETID is not set CONFIG_SECURITY_SELINUX_AVC_STATS=y -CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1 CONFIG_SECURITY_SELINUX_BOOTPARAM=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 CONFIG_SECURITY_SELINUX_DEVELOP=y diff --git a/kernel-x86_64-fedora.config b/kernel-x86_64-fedora.config index 9449da23e..bf25392d0 100644 --- a/kernel-x86_64-fedora.config +++ b/kernel-x86_64-fedora.config @@ -1126,7 +1126,6 @@ CONFIG_CRYPTO_OFB=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_POLY1305_X86_64=m CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m @@ -3255,8 +3254,8 @@ CONFIG_LPC_ICH=m CONFIG_LP_CONSOLE=y CONFIG_LPC_SCH=m CONFIG_LSI_ET1011C_PHY=m -CONFIG_LSM_MMAP_MIN_ADDR=65536 -CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" +CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_LTC1660=m # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set @@ -4399,6 +4398,7 @@ CONFIG_NUMA_BALANCING=y CONFIG_NUMA=y CONFIG_NVDIMM_DAX=y CONFIG_NVDIMM_PFN=y +CONFIG_NVIDIA_CARMEL_CNP_ERRATUM=y CONFIG_NVME_FC=m CONFIG_NVME_HWMON=y # CONFIG_NVMEM_REBOOT_MODE is not set diff --git a/kernel-x86_64-rhel.config b/kernel-x86_64-rhel.config index 574bcbf4e..59d31424f 100644 --- a/kernel-x86_64-rhel.config +++ b/kernel-x86_64-rhel.config @@ -451,7 +451,7 @@ CONFIG_BPF_EVENTS=y CONFIG_BPF_JIT_ALWAYS_ON=y CONFIG_BPF_JIT=y # CONFIG_BPF_KPROBE_OVERRIDE is not set -# CONFIG_BPF_LSM is not set +CONFIG_BPF_LSM=y # CONFIG_BPF_PRELOAD is not set CONFIG_BPF_STREAM_PARSER=y CONFIG_BPF_SYSCALL=y @@ -828,7 +828,6 @@ CONFIG_CRYPTO_CBC=y CONFIG_CRYPTO_CCM=m # CONFIG_CRYPTO_CFB is not set CONFIG_CRYPTO_CHACHA20=m -CONFIG_CRYPTO_CHACHA20_NEON=m CONFIG_CRYPTO_CHACHA20POLY1305=m CONFIG_CRYPTO_CHACHA20_X86_64=m CONFIG_CRYPTO_CMAC=m @@ -916,13 +915,11 @@ CONFIG_CRYPTO_MD4=m CONFIG_CRYPTO_MD5=y CONFIG_CRYPTO_MICHAEL_MIC=m CONFIG_CRYPTO_NHPOLY1305_AVX2=m -CONFIG_CRYPTO_NHPOLY1305_NEON=m CONFIG_CRYPTO_NHPOLY1305_SSE2=m CONFIG_CRYPTO_OFB=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_POLY1305_X86_64=m CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m @@ -2825,6 +2822,9 @@ CONFIG_LOCALVERSION="" # CONFIG_LOCALVERSION_AUTO is not set CONFIG_LOCKD=m CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y +# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set +CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y CONFIG_LOCKD_V4=y # CONFIG_LOCK_EVENT_COUNTS is not set # CONFIG_LOCK_STAT is not set @@ -2845,8 +2845,8 @@ CONFIG_LPC_ICH=m # CONFIG_LP_CONSOLE is not set CONFIG_LPC_SCH=m CONFIG_LSI_ET1011C_PHY=m +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" CONFIG_LSM_MMAP_MIN_ADDR=65535 -CONFIG_LSM="yama,integrity,selinux" # CONFIG_LTC1660 is not set # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set @@ -3844,6 +3844,7 @@ CONFIG_NUMA_EMU=y CONFIG_NUMA=y CONFIG_NVDIMM_DAX=y CONFIG_NVDIMM_PFN=y +CONFIG_NVIDIA_CARMEL_CNP_ERRATUM=y CONFIG_NVME_FC=m # CONFIG_NVME_HWMON is not set # CONFIG_NVMEM_REBOOT_MODE is not set @@ -4706,13 +4707,13 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY_LOADPIN is not set -# CONFIG_SECURITY_LOCKDOWN_LSM is not set +CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y # CONFIG_SECURITY_PATH is not set # CONFIG_SECURITY_SAFESETID is not set CONFIG_SECURITY_SELINUX_AVC_STATS=y -CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1 CONFIG_SECURITY_SELINUX_BOOTPARAM=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 CONFIG_SECURITY_SELINUX_DEVELOP=y diff --git a/kernel.spec b/kernel.spec index b4746c54c..39a5df14c 100755 --- a/kernel.spec +++ b/kernel.spec @@ -70,7 +70,7 @@ Summary: The Linux kernel # For a stable, released kernel, released_kernel should be 1. %global released_kernel 0 -%global distro_build 0.rc4.20210324git7acac4b3196c.176 +%global distro_build 0.rc4.20210326gitdb24726bfefa.178 %if 0%{?fedora} %define secure_boot_arch x86_64 @@ -113,13 +113,13 @@ Summary: The Linux kernel %endif %define rpmversion 5.12.0 -%define pkgrelease 0.rc4.20210324git7acac4b3196c.176 +%define pkgrelease 0.rc4.20210326gitdb24726bfefa.178 # This is needed to do merge window version magic %define patchlevel 12 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 0.rc4.20210324git7acac4b3196c.176%{?buildid}%{?dist} +%define specrelease 0.rc4.20210326gitdb24726bfefa.178%{?buildid}%{?dist} %define pkg_release %{specrelease} @@ -626,7 +626,7 @@ BuildRequires: clang # exact git commit you can run # # xzcat -qq ${TARBALL} | git get-tar-commit-id -Source0: linux-20210324git7acac4b3196c.tar.xz +Source0: linux-20210326gitdb24726bfefa.tar.xz Source1: Makefile.rhelver @@ -1281,8 +1281,8 @@ ApplyOptionalPatch() fi } -%setup -q -n kernel-20210324git7acac4b3196c -c -mv linux-20210324git7acac4b3196c linux-%{KVERREL} +%setup -q -n kernel-20210326gitdb24726bfefa -c +mv linux-20210326gitdb24726bfefa linux-%{KVERREL} cd linux-%{KVERREL} # cp -a %{SOURCE1} . @@ -2797,6 +2797,14 @@ fi # # %changelog +* Fri Mar 26 2021 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.12.0-0.rc4.20210326gitdb24726bfefa.178] +- New configs in fs/pstore (CKI@GitLab) + +* Thu Mar 25 2021 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.12.0-0.rc4.20210325gite138138003eb.177] +- New configs in arch/powerpc (Fedora Kernel Team) +- configs: enable BPF LSM on Fedora and ARK (Ondrej Mosnacek) +- configs: clean up LSM configs (Ondrej Mosnacek) + * Wed Mar 24 2021 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.12.0-0.rc4.20210324git7acac4b3196c.176] - New configs in drivers/platform (CKI@GitLab) - New configs in drivers/firmware (CKI@GitLab) diff --git a/patch-5.12.0-redhat.patch b/patch-5.12.0-redhat.patch index d865f886d..58c257861 100644 --- a/patch-5.12.0-redhat.patch +++ b/patch-5.12.0-redhat.patch @@ -192,10 +192,10 @@ index 5da96f5df48f..a35494d5910d 100644 The VM uses one page of physical memory for each page table. For systems with a lot of processes, this can use a lot of diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig -index 5656e7aacd69..fb23ebe99efe 100644 +index e4e1b6550115..800dd64437a8 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig -@@ -899,7 +899,7 @@ endchoice +@@ -909,7 +909,7 @@ endchoice config ARM64_FORCE_52BIT bool "Force 52-bit virtual addresses for userspace" @@ -204,7 +204,7 @@ index 5656e7aacd69..fb23ebe99efe 100644 help For systems with 52-bit userspace VAs enabled, the kernel will attempt to maintain compatibility with older software by providing 48-bit VAs -@@ -1156,6 +1156,7 @@ config XEN +@@ -1166,6 +1166,7 @@ config XEN config FORCE_MAX_ZONEORDER int default "14" if ARM64_64K_PAGES @@ -2112,7 +2112,7 @@ index 320f1f3941b7..e3632573c1ed 100644 obj-$(CONFIG_MODULES) += kmod.o obj-$(CONFIG_MULTIUSER) += groups.o diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c -index c859bc46d06c..1c6e78fa2b6d 100644 +index 250503482cda..dde01992df7e 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -24,6 +24,7 @@ @@ -2150,7 +2150,7 @@ index c859bc46d06c..1c6e78fa2b6d 100644 static const struct bpf_map_ops * const bpf_map_types[] = { #define BPF_PROG_TYPE(_id, _name, prog_ctx_type, kern_ctx_type) -@@ -4346,11 +4365,17 @@ static int bpf_prog_bind_map(union bpf_attr *attr) +@@ -4351,11 +4370,17 @@ static int bpf_prog_bind_map(union bpf_attr *attr) SYSCALL_DEFINE3(bpf, int, cmd, union bpf_attr __user *, uattr, unsigned int, size) { union bpf_attr attr; @@ -1,3 +1,3 @@ -SHA512 (linux-20210324git7acac4b3196c.tar.xz) = e569e8ed9287b4b70dd9b0a21075bf73f9710ef9de30fa58d82a79ade0f117fe003b11f40bd8579a11e6e7a80db132e65db89e0e57e4c3cee649175feaccc828 -SHA512 (kernel-abi-whitelists-5.12.0-0.rc4.20210324git7acac4b3196c.176.tar.bz2) = d05475da5df631a7e2d122b00ba3fb6e9e690d3d6feb2b9e64907f7b34bdc6d21a0b778240959b9d30d0097f7befcf088417241e8b766f75c7da9242a7736eeb -SHA512 (kernel-kabi-dw-5.12.0-0.rc4.20210324git7acac4b3196c.176.tar.bz2) = 614a82ee5481afd7ee621963fa15e587b5e60de00d963dcc86ef2efd0007f402442d6e4b17a353b56860badeb7727d6a2ccb559d28c3f54c7bcfff1fcaf86178 +SHA512 (linux-20210326gitdb24726bfefa.tar.xz) = 2960a01421c3c1c8096bd6f3fcc51537069171ac8c7ca50728b1eb67a2caa5509c081adb308cc961da3e1607a243ee2a7d3710c8846e6055d25242b986f3bd0f +SHA512 (kernel-abi-whitelists-5.12.0-0.rc4.20210326gitdb24726bfefa.178.tar.bz2) = 4ff7e866086b51abe29a976471777a122633263061e32a357f9ff1bd37ae82a0980231141c1460bbcb83f3dfe442152ace4bff9d78b136c76e456f4d8d56a10f +SHA512 (kernel-kabi-dw-5.12.0-0.rc4.20210326gitdb24726bfefa.178.tar.bz2) = 3f3087dbc37c9214beea8bf1a55b3b681305a25e9215cfb301189752a890765d6b2878eb7cc9a0d1bc65c0074b92a50ad722599c01d48e5652e5917f1c4d3a68 |