From 07405db22538d9e0d69ff13cdcf984aa2c1f6262 Mon Sep 17 00:00:00 2001 From: "Justin M. Forbes" Date: Thu, 25 Mar 2021 11:39:54 -0500 Subject: kernel-5.12.0-0.rc4.20210325gite138138003eb.177 * Thu Mar 25 2021 Fedora Kernel Team [5.12.0-0.rc4.20210325gite138138003eb.177] - New configs in arch/powerpc (Fedora Kernel Team) - configs: enable BPF LSM on Fedora and ARK (Ondrej Mosnacek) - configs: clean up LSM configs (Ondrej Mosnacek) Resolves: rhbz# Signed-off-by: Justin M. Forbes --- Makefile.rhelver | 2 +- kernel-aarch64-debug-fedora.config | 4 ++-- kernel-aarch64-debug-rhel.config | 16 +++++++++------- kernel-aarch64-fedora.config | 4 ++-- kernel-aarch64-rhel.config | 16 +++++++++------- kernel-armv7hl-debug-fedora.config | 3 +-- kernel-armv7hl-fedora.config | 3 +-- kernel-armv7hl-lpae-debug-fedora.config | 3 +-- kernel-armv7hl-lpae-fedora.config | 3 +-- kernel-i686-debug-fedora.config | 7 ++----- kernel-i686-fedora.config | 7 ++----- kernel-ppc64le-debug-fedora.config | 5 ++--- kernel-ppc64le-debug-rhel.config | 19 +++++++++---------- kernel-ppc64le-fedora.config | 5 ++--- kernel-ppc64le-rhel.config | 19 +++++++++---------- kernel-s390x-debug-fedora.config | 5 ++--- kernel-s390x-debug-rhel.config | 17 ++++++++--------- kernel-s390x-fedora.config | 5 ++--- kernel-s390x-rhel.config | 17 ++++++++--------- kernel-s390x-zfcpdump-rhel.config | 17 ++++++++--------- kernel-x86_64-debug-fedora.config | 5 ++--- kernel-x86_64-debug-rhel.config | 14 +++++++------- kernel-x86_64-fedora.config | 5 ++--- kernel-x86_64-rhel.config | 14 +++++++------- kernel.spec | 17 +++++++++++------ patch-5.12.0-redhat.patch | 4 ++-- sources | 6 +++--- 27 files changed, 115 insertions(+), 127 deletions(-) diff --git a/Makefile.rhelver b/Makefile.rhelver index 8dfb22e9e..c37623596 100644 --- a/Makefile.rhelver +++ b/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 99 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 176 +RHEL_RELEASE = 177 # # Early y+1 numbering diff --git a/kernel-aarch64-debug-fedora.config b/kernel-aarch64-debug-fedora.config index 5e555106b..07c0244c3 100644 --- a/kernel-aarch64-debug-fedora.config +++ b/kernel-aarch64-debug-fedora.config @@ -3553,8 +3553,8 @@ CONFIG_LOOPBACK_TARGET=m CONFIG_LP_CONSOLE=y # CONFIG_LPC_SCH is not set CONFIG_LSI_ET1011C_PHY=m -CONFIG_LSM_MMAP_MIN_ADDR=65536 -CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" +CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_LTC1660=m # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set diff --git a/kernel-aarch64-debug-rhel.config b/kernel-aarch64-debug-rhel.config index e544d94f3..10606785a 100644 --- a/kernel-aarch64-debug-rhel.config +++ b/kernel-aarch64-debug-rhel.config @@ -533,7 +533,7 @@ CONFIG_BPF_EVENTS=y CONFIG_BPF_JIT_ALWAYS_ON=y CONFIG_BPF_JIT=y # CONFIG_BPF_KPROBE_OVERRIDE is not set -# CONFIG_BPF_LSM is not set +CONFIG_BPF_LSM=y # CONFIG_BPF_PRELOAD is not set CONFIG_BPF_STREAM_PARSER=y CONFIG_BPF_SYSCALL=y @@ -1010,14 +1010,12 @@ CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MD4=m CONFIG_CRYPTO_MD5=y CONFIG_CRYPTO_MICHAEL_MIC=m -CONFIG_CRYPTO_NHPOLY1305_AVX2=m CONFIG_CRYPTO_NHPOLY1305_NEON=m -CONFIG_CRYPTO_NHPOLY1305_SSE2=m CONFIG_CRYPTO_OFB=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set +CONFIG_CRYPTO_POLY1305_NEON=m CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m @@ -2821,6 +2819,10 @@ CONFIG_LLC=m CONFIG_LOCALVERSION="" # CONFIG_LOCALVERSION_AUTO is not set CONFIG_LOCKD=m +# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set +CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y CONFIG_LOCKD_V4=y CONFIG_LOCK_EVENT_COUNTS=y # CONFIG_LOCK_STAT is not set @@ -2841,8 +2843,8 @@ CONFIG_LOOPBACK_TARGET=m # CONFIG_LP_CONSOLE is not set # CONFIG_LPC_SCH is not set CONFIG_LSI_ET1011C_PHY=m +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" CONFIG_LSM_MMAP_MIN_ADDR=65535 -CONFIG_LSM="yama,integrity,selinux" # CONFIG_LTC1660 is not set # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set @@ -4746,13 +4748,13 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY_LOADPIN is not set -# CONFIG_SECURITY_LOCKDOWN_LSM is not set +CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y # CONFIG_SECURITY_PATH is not set # CONFIG_SECURITY_SAFESETID is not set CONFIG_SECURITY_SELINUX_AVC_STATS=y -CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1 CONFIG_SECURITY_SELINUX_BOOTPARAM=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 CONFIG_SECURITY_SELINUX_DEVELOP=y diff --git a/kernel-aarch64-fedora.config b/kernel-aarch64-fedora.config index 86ad13ece..1fa002620 100644 --- a/kernel-aarch64-fedora.config +++ b/kernel-aarch64-fedora.config @@ -3531,8 +3531,8 @@ CONFIG_LOOPBACK_TARGET=m CONFIG_LP_CONSOLE=y # CONFIG_LPC_SCH is not set CONFIG_LSI_ET1011C_PHY=m -CONFIG_LSM_MMAP_MIN_ADDR=65536 -CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" +CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_LTC1660=m # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set diff --git a/kernel-aarch64-rhel.config b/kernel-aarch64-rhel.config index 875be5731..1ea1e5ad6 100644 --- a/kernel-aarch64-rhel.config +++ b/kernel-aarch64-rhel.config @@ -533,7 +533,7 @@ CONFIG_BPF_EVENTS=y CONFIG_BPF_JIT_ALWAYS_ON=y CONFIG_BPF_JIT=y # CONFIG_BPF_KPROBE_OVERRIDE is not set -# CONFIG_BPF_LSM is not set +CONFIG_BPF_LSM=y # CONFIG_BPF_PRELOAD is not set CONFIG_BPF_STREAM_PARSER=y CONFIG_BPF_SYSCALL=y @@ -1010,14 +1010,12 @@ CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MD4=m CONFIG_CRYPTO_MD5=y CONFIG_CRYPTO_MICHAEL_MIC=m -CONFIG_CRYPTO_NHPOLY1305_AVX2=m CONFIG_CRYPTO_NHPOLY1305_NEON=m -CONFIG_CRYPTO_NHPOLY1305_SSE2=m CONFIG_CRYPTO_OFB=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set +CONFIG_CRYPTO_POLY1305_NEON=m CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m @@ -2801,6 +2799,10 @@ CONFIG_LLC=m CONFIG_LOCALVERSION="" # CONFIG_LOCALVERSION_AUTO is not set CONFIG_LOCKD=m +# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set +CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y CONFIG_LOCKD_V4=y # CONFIG_LOCK_EVENT_COUNTS is not set # CONFIG_LOCK_STAT is not set @@ -2821,8 +2823,8 @@ CONFIG_LOOPBACK_TARGET=m # CONFIG_LP_CONSOLE is not set # CONFIG_LPC_SCH is not set CONFIG_LSI_ET1011C_PHY=m +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" CONFIG_LSM_MMAP_MIN_ADDR=65535 -CONFIG_LSM="yama,integrity,selinux" # CONFIG_LTC1660 is not set # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set @@ -4725,13 +4727,13 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY_LOADPIN is not set -# CONFIG_SECURITY_LOCKDOWN_LSM is not set +CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y # CONFIG_SECURITY_PATH is not set # CONFIG_SECURITY_SAFESETID is not set CONFIG_SECURITY_SELINUX_AVC_STATS=y -CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1 CONFIG_SECURITY_SELINUX_BOOTPARAM=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 CONFIG_SECURITY_SELINUX_DEVELOP=y diff --git a/kernel-armv7hl-debug-fedora.config b/kernel-armv7hl-debug-fedora.config index 14de6e846..0f487ced7 100644 --- a/kernel-armv7hl-debug-fedora.config +++ b/kernel-armv7hl-debug-fedora.config @@ -1385,7 +1385,6 @@ CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305_ARM=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m @@ -3599,8 +3598,8 @@ CONFIG_LOOPBACK_TARGET=m CONFIG_LP_CONSOLE=y # CONFIG_LPC_SCH is not set CONFIG_LSI_ET1011C_PHY=m +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" CONFIG_LSM_MMAP_MIN_ADDR=32768 -CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" CONFIG_LTC1660=m # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set diff --git a/kernel-armv7hl-fedora.config b/kernel-armv7hl-fedora.config index 5c897e759..dd8805e45 100644 --- a/kernel-armv7hl-fedora.config +++ b/kernel-armv7hl-fedora.config @@ -1385,7 +1385,6 @@ CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305_ARM=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m @@ -3578,8 +3577,8 @@ CONFIG_LOOPBACK_TARGET=m CONFIG_LP_CONSOLE=y # CONFIG_LPC_SCH is not set CONFIG_LSI_ET1011C_PHY=m +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" CONFIG_LSM_MMAP_MIN_ADDR=32768 -CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" CONFIG_LTC1660=m # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set diff --git a/kernel-armv7hl-lpae-debug-fedora.config b/kernel-armv7hl-lpae-debug-fedora.config index 892b17292..a44e01b1b 100644 --- a/kernel-armv7hl-lpae-debug-fedora.config +++ b/kernel-armv7hl-lpae-debug-fedora.config @@ -1355,7 +1355,6 @@ CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305_ARM=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m @@ -3525,8 +3524,8 @@ CONFIG_LOOPBACK_TARGET=m CONFIG_LP_CONSOLE=y # CONFIG_LPC_SCH is not set CONFIG_LSI_ET1011C_PHY=m +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" CONFIG_LSM_MMAP_MIN_ADDR=32768 -CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" CONFIG_LTC1660=m # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set diff --git a/kernel-armv7hl-lpae-fedora.config b/kernel-armv7hl-lpae-fedora.config index 67f146985..563b49088 100644 --- a/kernel-armv7hl-lpae-fedora.config +++ b/kernel-armv7hl-lpae-fedora.config @@ -1355,7 +1355,6 @@ CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305_ARM=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m @@ -3504,8 +3503,8 @@ CONFIG_LOOPBACK_TARGET=m CONFIG_LP_CONSOLE=y # CONFIG_LPC_SCH is not set CONFIG_LSI_ET1011C_PHY=m +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" CONFIG_LSM_MMAP_MIN_ADDR=32768 -CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" CONFIG_LTC1660=m # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set diff --git a/kernel-i686-debug-fedora.config b/kernel-i686-debug-fedora.config index d7fdfb76a..b5690eda9 100644 --- a/kernel-i686-debug-fedora.config +++ b/kernel-i686-debug-fedora.config @@ -1093,14 +1093,11 @@ CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MD4=m CONFIG_CRYPTO_MD5=y CONFIG_CRYPTO_MICHAEL_MIC=m -CONFIG_CRYPTO_NHPOLY1305_AVX2=m -CONFIG_CRYPTO_NHPOLY1305_SSE2=m CONFIG_CRYPTO_NULL=y CONFIG_CRYPTO_OFB=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m @@ -3227,8 +3224,8 @@ CONFIG_LPC_ICH=m CONFIG_LP_CONSOLE=y CONFIG_LPC_SCH=m CONFIG_LSI_ET1011C_PHY=m -CONFIG_LSM_MMAP_MIN_ADDR=65536 -CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" +CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_LTC1660=m # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set diff --git a/kernel-i686-fedora.config b/kernel-i686-fedora.config index accadeb33..e90799a79 100644 --- a/kernel-i686-fedora.config +++ b/kernel-i686-fedora.config @@ -1092,14 +1092,11 @@ CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MD4=m CONFIG_CRYPTO_MD5=y CONFIG_CRYPTO_MICHAEL_MIC=m -CONFIG_CRYPTO_NHPOLY1305_AVX2=m -CONFIG_CRYPTO_NHPOLY1305_SSE2=m CONFIG_CRYPTO_NULL=y CONFIG_CRYPTO_OFB=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m @@ -3205,8 +3202,8 @@ CONFIG_LPC_ICH=m CONFIG_LP_CONSOLE=y CONFIG_LPC_SCH=m CONFIG_LSI_ET1011C_PHY=m -CONFIG_LSM_MMAP_MIN_ADDR=65536 -CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" +CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_LTC1660=m # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set diff --git a/kernel-ppc64le-debug-fedora.config b/kernel-ppc64le-debug-fedora.config index 45042c0bb..668c04c34 100644 --- a/kernel-ppc64le-debug-fedora.config +++ b/kernel-ppc64le-debug-fedora.config @@ -1038,7 +1038,6 @@ CONFIG_CRYPTO_OFB=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m @@ -2984,8 +2983,8 @@ CONFIG_LPARCFG=y CONFIG_LP_CONSOLE=y # CONFIG_LPC_SCH is not set CONFIG_LSI_ET1011C_PHY=m -CONFIG_LSM_MMAP_MIN_ADDR=65536 -CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" +CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_LTC1660=m # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set diff --git a/kernel-ppc64le-debug-rhel.config b/kernel-ppc64le-debug-rhel.config index 2743dc425..078ec0ad4 100644 --- a/kernel-ppc64le-debug-rhel.config +++ b/kernel-ppc64le-debug-rhel.config @@ -424,7 +424,7 @@ CONFIG_BPF_EVENTS=y CONFIG_BPF_JIT_ALWAYS_ON=y CONFIG_BPF_JIT=y # CONFIG_BPF_KPROBE_OVERRIDE is not set -# CONFIG_BPF_LSM is not set +CONFIG_BPF_LSM=y # CONFIG_BPF_PRELOAD is not set CONFIG_BPF_STREAM_PARSER=y CONFIG_BPF_SYSCALL=y @@ -795,8 +795,7 @@ CONFIG_CRYPTO_CBC=y CONFIG_CRYPTO_CCM=m # CONFIG_CRYPTO_CFB is not set CONFIG_CRYPTO_CHACHA20=m -CONFIG_CRYPTO_CHACHA20_NEON=m -# CONFIG_CRYPTO_CHACHA20POLY1305 is not set +CONFIG_CRYPTO_CHACHA20POLY1305=m CONFIG_CRYPTO_CMAC=m # CONFIG_CRYPTO_CRC32C_VPMSUM is not set CONFIG_CRYPTO_CRC32C=y @@ -871,14 +870,10 @@ CONFIG_CRYPTO_MD4=m # CONFIG_CRYPTO_MD5_PPC is not set CONFIG_CRYPTO_MD5=y CONFIG_CRYPTO_MICHAEL_MIC=m -CONFIG_CRYPTO_NHPOLY1305_AVX2=m -CONFIG_CRYPTO_NHPOLY1305_NEON=m -CONFIG_CRYPTO_NHPOLY1305_SSE2=m CONFIG_CRYPTO_OFB=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m @@ -2679,6 +2674,10 @@ CONFIG_LLC=m CONFIG_LOCALVERSION="" # CONFIG_LOCALVERSION_AUTO is not set CONFIG_LOCKD=m +# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set +CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y CONFIG_LOCKD_V4=y CONFIG_LOCK_EVENT_COUNTS=y CONFIG_LOCK_STAT=y @@ -2700,8 +2699,8 @@ CONFIG_LPARCFG=y # CONFIG_LP_CONSOLE is not set # CONFIG_LPC_SCH is not set CONFIG_LSI_ET1011C_PHY=m +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" CONFIG_LSM_MMAP_MIN_ADDR=65535 -CONFIG_LSM="yama,integrity,selinux" # CONFIG_LTC1660 is not set # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set @@ -4573,13 +4572,13 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY_LOADPIN is not set -# CONFIG_SECURITY_LOCKDOWN_LSM is not set +CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y # CONFIG_SECURITY_PATH is not set # CONFIG_SECURITY_SAFESETID is not set CONFIG_SECURITY_SELINUX_AVC_STATS=y -CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1 CONFIG_SECURITY_SELINUX_BOOTPARAM=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 CONFIG_SECURITY_SELINUX_DEVELOP=y diff --git a/kernel-ppc64le-fedora.config b/kernel-ppc64le-fedora.config index ce13755e9..0ea578320 100644 --- a/kernel-ppc64le-fedora.config +++ b/kernel-ppc64le-fedora.config @@ -1037,7 +1037,6 @@ CONFIG_CRYPTO_OFB=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m @@ -2962,8 +2961,8 @@ CONFIG_LPARCFG=y CONFIG_LP_CONSOLE=y # CONFIG_LPC_SCH is not set CONFIG_LSI_ET1011C_PHY=m -CONFIG_LSM_MMAP_MIN_ADDR=65536 -CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" +CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_LTC1660=m # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set diff --git a/kernel-ppc64le-rhel.config b/kernel-ppc64le-rhel.config index 989d129ac..1499e2042 100644 --- a/kernel-ppc64le-rhel.config +++ b/kernel-ppc64le-rhel.config @@ -424,7 +424,7 @@ CONFIG_BPF_EVENTS=y CONFIG_BPF_JIT_ALWAYS_ON=y CONFIG_BPF_JIT=y # CONFIG_BPF_KPROBE_OVERRIDE is not set -# CONFIG_BPF_LSM is not set +CONFIG_BPF_LSM=y # CONFIG_BPF_PRELOAD is not set CONFIG_BPF_STREAM_PARSER=y CONFIG_BPF_SYSCALL=y @@ -795,8 +795,7 @@ CONFIG_CRYPTO_CBC=y CONFIG_CRYPTO_CCM=m # CONFIG_CRYPTO_CFB is not set CONFIG_CRYPTO_CHACHA20=m -CONFIG_CRYPTO_CHACHA20_NEON=m -# CONFIG_CRYPTO_CHACHA20POLY1305 is not set +CONFIG_CRYPTO_CHACHA20POLY1305=m CONFIG_CRYPTO_CMAC=m # CONFIG_CRYPTO_CRC32C_VPMSUM is not set CONFIG_CRYPTO_CRC32C=y @@ -871,14 +870,10 @@ CONFIG_CRYPTO_MD4=m # CONFIG_CRYPTO_MD5_PPC is not set CONFIG_CRYPTO_MD5=y CONFIG_CRYPTO_MICHAEL_MIC=m -CONFIG_CRYPTO_NHPOLY1305_AVX2=m -CONFIG_CRYPTO_NHPOLY1305_NEON=m -CONFIG_CRYPTO_NHPOLY1305_SSE2=m CONFIG_CRYPTO_OFB=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m @@ -2662,6 +2657,10 @@ CONFIG_LLC=m CONFIG_LOCALVERSION="" # CONFIG_LOCALVERSION_AUTO is not set CONFIG_LOCKD=m +# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set +CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y CONFIG_LOCKD_V4=y # CONFIG_LOCK_EVENT_COUNTS is not set # CONFIG_LOCK_STAT is not set @@ -2683,8 +2682,8 @@ CONFIG_LPARCFG=y # CONFIG_LP_CONSOLE is not set # CONFIG_LPC_SCH is not set CONFIG_LSI_ET1011C_PHY=m +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" CONFIG_LSM_MMAP_MIN_ADDR=65535 -CONFIG_LSM="yama,integrity,selinux" # CONFIG_LTC1660 is not set # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set @@ -4556,13 +4555,13 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY_LOADPIN is not set -# CONFIG_SECURITY_LOCKDOWN_LSM is not set +CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y # CONFIG_SECURITY_PATH is not set # CONFIG_SECURITY_SAFESETID is not set CONFIG_SECURITY_SELINUX_AVC_STATS=y -CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1 CONFIG_SECURITY_SELINUX_BOOTPARAM=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 CONFIG_SECURITY_SELINUX_DEVELOP=y diff --git a/kernel-s390x-debug-fedora.config b/kernel-s390x-debug-fedora.config index 427a3ab72..6c7e257ce 100644 --- a/kernel-s390x-debug-fedora.config +++ b/kernel-s390x-debug-fedora.config @@ -1040,7 +1040,6 @@ CONFIG_CRYPTO_PAES_S390=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m @@ -2957,8 +2956,8 @@ CONFIG_LOOPBACK_TARGET=m CONFIG_LP_CONSOLE=y # CONFIG_LPC_SCH is not set CONFIG_LSI_ET1011C_PHY=m -CONFIG_LSM_MMAP_MIN_ADDR=65536 -CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" +CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_LTC1660=m # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set diff --git a/kernel-s390x-debug-rhel.config b/kernel-s390x-debug-rhel.config index 44108c554..3decc0d75 100644 --- a/kernel-s390x-debug-rhel.config +++ b/kernel-s390x-debug-rhel.config @@ -424,7 +424,7 @@ CONFIG_BPF_EVENTS=y CONFIG_BPF_JIT_ALWAYS_ON=y CONFIG_BPF_JIT=y # CONFIG_BPF_KPROBE_OVERRIDE is not set -# CONFIG_BPF_LSM is not set +CONFIG_BPF_LSM=y # CONFIG_BPF_PRELOAD is not set CONFIG_BPF_STREAM_PARSER=y CONFIG_BPF_SYSCALL=y @@ -796,7 +796,6 @@ CONFIG_CRYPTO_CBC=y CONFIG_CRYPTO_CCM=m # CONFIG_CRYPTO_CFB is not set CONFIG_CRYPTO_CHACHA20=m -CONFIG_CRYPTO_CHACHA20_NEON=m CONFIG_CRYPTO_CHACHA20POLY1305=m CONFIG_CRYPTO_CMAC=m # CONFIG_CRYPTO_CRC32C_VPMSUM is not set @@ -868,15 +867,11 @@ CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MD4=m CONFIG_CRYPTO_MD5=y CONFIG_CRYPTO_MICHAEL_MIC=m -CONFIG_CRYPTO_NHPOLY1305_AVX2=m -CONFIG_CRYPTO_NHPOLY1305_NEON=m -CONFIG_CRYPTO_NHPOLY1305_SSE2=m CONFIG_CRYPTO_OFB=m CONFIG_CRYPTO_PAES_S390=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m @@ -2650,6 +2645,10 @@ CONFIG_LLC=m CONFIG_LOCALVERSION="" # CONFIG_LOCALVERSION_AUTO is not set CONFIG_LOCKD=m +# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set +CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y CONFIG_LOCKD_V4=y CONFIG_LOCK_EVENT_COUNTS=y CONFIG_LOCK_STAT=y @@ -2670,8 +2669,8 @@ CONFIG_LOOPBACK_TARGET=m # CONFIG_LP_CONSOLE is not set # CONFIG_LPC_SCH is not set # CONFIG_LSI_ET1011C_PHY is not set +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" CONFIG_LSM_MMAP_MIN_ADDR=65535 -CONFIG_LSM="yama,integrity,selinux" # CONFIG_LTC1660 is not set # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set @@ -4521,13 +4520,13 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY_LOADPIN is not set -# CONFIG_SECURITY_LOCKDOWN_LSM is not set +CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y # CONFIG_SECURITY_PATH is not set # CONFIG_SECURITY_SAFESETID is not set CONFIG_SECURITY_SELINUX_AVC_STATS=y -CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1 CONFIG_SECURITY_SELINUX_BOOTPARAM=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 CONFIG_SECURITY_SELINUX_DEVELOP=y diff --git a/kernel-s390x-fedora.config b/kernel-s390x-fedora.config index 2151fa4bf..3986da7b5 100644 --- a/kernel-s390x-fedora.config +++ b/kernel-s390x-fedora.config @@ -1039,7 +1039,6 @@ CONFIG_CRYPTO_PAES_S390=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m @@ -2935,8 +2934,8 @@ CONFIG_LOOPBACK_TARGET=m CONFIG_LP_CONSOLE=y # CONFIG_LPC_SCH is not set CONFIG_LSI_ET1011C_PHY=m -CONFIG_LSM_MMAP_MIN_ADDR=65536 -CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" +CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_LTC1660=m # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set diff --git a/kernel-s390x-rhel.config b/kernel-s390x-rhel.config index 46046561a..dd3da9a99 100644 --- a/kernel-s390x-rhel.config +++ b/kernel-s390x-rhel.config @@ -424,7 +424,7 @@ CONFIG_BPF_EVENTS=y CONFIG_BPF_JIT_ALWAYS_ON=y CONFIG_BPF_JIT=y # CONFIG_BPF_KPROBE_OVERRIDE is not set -# CONFIG_BPF_LSM is not set +CONFIG_BPF_LSM=y # CONFIG_BPF_PRELOAD is not set CONFIG_BPF_STREAM_PARSER=y CONFIG_BPF_SYSCALL=y @@ -796,7 +796,6 @@ CONFIG_CRYPTO_CBC=y CONFIG_CRYPTO_CCM=m # CONFIG_CRYPTO_CFB is not set CONFIG_CRYPTO_CHACHA20=m -CONFIG_CRYPTO_CHACHA20_NEON=m CONFIG_CRYPTO_CHACHA20POLY1305=m CONFIG_CRYPTO_CMAC=m # CONFIG_CRYPTO_CRC32C_VPMSUM is not set @@ -868,15 +867,11 @@ CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MD4=m CONFIG_CRYPTO_MD5=y CONFIG_CRYPTO_MICHAEL_MIC=m -CONFIG_CRYPTO_NHPOLY1305_AVX2=m -CONFIG_CRYPTO_NHPOLY1305_NEON=m -CONFIG_CRYPTO_NHPOLY1305_SSE2=m CONFIG_CRYPTO_OFB=m CONFIG_CRYPTO_PAES_S390=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_RMD256=m @@ -2633,6 +2628,10 @@ CONFIG_LLC=m CONFIG_LOCALVERSION="" # CONFIG_LOCALVERSION_AUTO is not set CONFIG_LOCKD=m +# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set +CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y CONFIG_LOCKD_V4=y # CONFIG_LOCK_EVENT_COUNTS is not set # CONFIG_LOCK_STAT is not set @@ -2653,8 +2652,8 @@ CONFIG_LOOPBACK_TARGET=m # CONFIG_LP_CONSOLE is not set # CONFIG_LPC_SCH is not set # CONFIG_LSI_ET1011C_PHY is not set +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" CONFIG_LSM_MMAP_MIN_ADDR=65535 -CONFIG_LSM="yama,integrity,selinux" # CONFIG_LTC1660 is not set # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set @@ -4504,13 +4503,13 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY_LOADPIN is not set -# CONFIG_SECURITY_LOCKDOWN_LSM is not set +CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y # CONFIG_SECURITY_PATH is not set # CONFIG_SECURITY_SAFESETID is not set CONFIG_SECURITY_SELINUX_AVC_STATS=y -CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1 CONFIG_SECURITY_SELINUX_BOOTPARAM=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 CONFIG_SECURITY_SELINUX_DEVELOP=y diff --git a/kernel-s390x-zfcpdump-rhel.config b/kernel-s390x-zfcpdump-rhel.config index 2053638e9..873c899a6 100644 --- a/kernel-s390x-zfcpdump-rhel.config +++ b/kernel-s390x-zfcpdump-rhel.config @@ -428,7 +428,7 @@ CONFIG_BPF_EVENTS=y CONFIG_BPF_JIT_ALWAYS_ON=y CONFIG_BPF_JIT=y # CONFIG_BPF_KPROBE_OVERRIDE is not set -# CONFIG_BPF_LSM is not set +CONFIG_BPF_LSM=y # CONFIG_BPF_PRELOAD is not set CONFIG_BPF_STREAM_PARSER=y # CONFIG_BPF_SYSCALL is not set @@ -800,7 +800,6 @@ CONFIG_CRYPTO_CAST6=y CONFIG_CRYPTO_CBC=y # CONFIG_CRYPTO_CCM is not set # CONFIG_CRYPTO_CFB is not set -CONFIG_CRYPTO_CHACHA20_NEON=m CONFIG_CRYPTO_CHACHA20POLY1305=y CONFIG_CRYPTO_CHACHA20=y CONFIG_CRYPTO_CMAC=y @@ -873,14 +872,10 @@ CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MD4=y # CONFIG_CRYPTO_MD5 is not set CONFIG_CRYPTO_MICHAEL_MIC=y -CONFIG_CRYPTO_NHPOLY1305_AVX2=m -CONFIG_CRYPTO_NHPOLY1305_NEON=m -CONFIG_CRYPTO_NHPOLY1305_SSE2=m CONFIG_CRYPTO_OFB=y CONFIG_CRYPTO_PAES_S390=m CONFIG_CRYPTO_PCBC=y CONFIG_CRYPTO_PCRYPT=y -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_POLY1305=y CONFIG_CRYPTO_RMD128=y CONFIG_CRYPTO_RMD160=y @@ -2653,6 +2648,10 @@ CONFIG_LOCALVERSION="" CONFIG_LOCALVERSION_AUTO=y # CONFIG_LOCKDEP is not set CONFIG_LOCKD=m +# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set +CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y CONFIG_LOCKD_V4=y # CONFIG_LOCK_EVENT_COUNTS is not set # CONFIG_LOCK_STAT is not set @@ -2673,8 +2672,8 @@ CONFIG_LOOPBACK_TARGET=y # CONFIG_LP_CONSOLE is not set # CONFIG_LPC_SCH is not set # CONFIG_LSI_ET1011C_PHY is not set +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" CONFIG_LSM_MMAP_MIN_ADDR=65535 -CONFIG_LSM="yama,integrity,selinux" # CONFIG_LTC1660 is not set # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set @@ -4533,13 +4532,13 @@ CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY is not set # CONFIG_SECURITY_LOADPIN is not set -# CONFIG_SECURITY_LOCKDOWN_LSM is not set +CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y # CONFIG_SECURITY_PATH is not set # CONFIG_SECURITY_SAFESETID is not set CONFIG_SECURITY_SELINUX_AVC_STATS=y -CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1 CONFIG_SECURITY_SELINUX_BOOTPARAM=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 CONFIG_SECURITY_SELINUX_DEVELOP=y diff --git a/kernel-x86_64-debug-fedora.config b/kernel-x86_64-debug-fedora.config index 51203e963..5d5d98c92 100644 --- a/kernel-x86_64-debug-fedora.config +++ b/kernel-x86_64-debug-fedora.config @@ -1127,7 +1127,6 @@ CONFIG_CRYPTO_OFB=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_POLY1305_X86_64=m CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m @@ -3277,8 +3276,8 @@ CONFIG_LPC_ICH=m CONFIG_LP_CONSOLE=y CONFIG_LPC_SCH=m CONFIG_LSI_ET1011C_PHY=m -CONFIG_LSM_MMAP_MIN_ADDR=65536 -CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" +CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_LTC1660=m # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set diff --git a/kernel-x86_64-debug-rhel.config b/kernel-x86_64-debug-rhel.config index 46428270e..002772c5d 100644 --- a/kernel-x86_64-debug-rhel.config +++ b/kernel-x86_64-debug-rhel.config @@ -451,7 +451,7 @@ CONFIG_BPF_EVENTS=y CONFIG_BPF_JIT_ALWAYS_ON=y CONFIG_BPF_JIT=y # CONFIG_BPF_KPROBE_OVERRIDE is not set -# CONFIG_BPF_LSM is not set +CONFIG_BPF_LSM=y # CONFIG_BPF_PRELOAD is not set CONFIG_BPF_STREAM_PARSER=y CONFIG_BPF_SYSCALL=y @@ -828,7 +828,6 @@ CONFIG_CRYPTO_CBC=y CONFIG_CRYPTO_CCM=m # CONFIG_CRYPTO_CFB is not set CONFIG_CRYPTO_CHACHA20=m -CONFIG_CRYPTO_CHACHA20_NEON=m CONFIG_CRYPTO_CHACHA20POLY1305=m CONFIG_CRYPTO_CHACHA20_X86_64=m CONFIG_CRYPTO_CMAC=m @@ -916,13 +915,11 @@ CONFIG_CRYPTO_MD4=m CONFIG_CRYPTO_MD5=y CONFIG_CRYPTO_MICHAEL_MIC=m CONFIG_CRYPTO_NHPOLY1305_AVX2=m -CONFIG_CRYPTO_NHPOLY1305_NEON=m CONFIG_CRYPTO_NHPOLY1305_SSE2=m CONFIG_CRYPTO_OFB=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_POLY1305_X86_64=m CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m @@ -2844,6 +2841,9 @@ CONFIG_LOCALVERSION="" # CONFIG_LOCALVERSION_AUTO is not set CONFIG_LOCKD=m CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y +# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set +CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y CONFIG_LOCKD_V4=y CONFIG_LOCK_EVENT_COUNTS=y CONFIG_LOCK_STAT=y @@ -2864,8 +2864,8 @@ CONFIG_LPC_ICH=m # CONFIG_LP_CONSOLE is not set CONFIG_LPC_SCH=m CONFIG_LSI_ET1011C_PHY=m +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" CONFIG_LSM_MMAP_MIN_ADDR=65535 -CONFIG_LSM="yama,integrity,selinux" # CONFIG_LTC1660 is not set # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set @@ -4726,13 +4726,13 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY_LOADPIN is not set -# CONFIG_SECURITY_LOCKDOWN_LSM is not set +CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y # CONFIG_SECURITY_PATH is not set # CONFIG_SECURITY_SAFESETID is not set CONFIG_SECURITY_SELINUX_AVC_STATS=y -CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1 CONFIG_SECURITY_SELINUX_BOOTPARAM=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 CONFIG_SECURITY_SELINUX_DEVELOP=y diff --git a/kernel-x86_64-fedora.config b/kernel-x86_64-fedora.config index aa9558a51..f7bb18370 100644 --- a/kernel-x86_64-fedora.config +++ b/kernel-x86_64-fedora.config @@ -1126,7 +1126,6 @@ CONFIG_CRYPTO_OFB=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_POLY1305_X86_64=m CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m @@ -3255,8 +3254,8 @@ CONFIG_LPC_ICH=m CONFIG_LP_CONSOLE=y CONFIG_LPC_SCH=m CONFIG_LSI_ET1011C_PHY=m -CONFIG_LSM_MMAP_MIN_ADDR=65536 -CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" +CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_LTC1660=m # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set diff --git a/kernel-x86_64-rhel.config b/kernel-x86_64-rhel.config index 574bcbf4e..f1393add7 100644 --- a/kernel-x86_64-rhel.config +++ b/kernel-x86_64-rhel.config @@ -451,7 +451,7 @@ CONFIG_BPF_EVENTS=y CONFIG_BPF_JIT_ALWAYS_ON=y CONFIG_BPF_JIT=y # CONFIG_BPF_KPROBE_OVERRIDE is not set -# CONFIG_BPF_LSM is not set +CONFIG_BPF_LSM=y # CONFIG_BPF_PRELOAD is not set CONFIG_BPF_STREAM_PARSER=y CONFIG_BPF_SYSCALL=y @@ -828,7 +828,6 @@ CONFIG_CRYPTO_CBC=y CONFIG_CRYPTO_CCM=m # CONFIG_CRYPTO_CFB is not set CONFIG_CRYPTO_CHACHA20=m -CONFIG_CRYPTO_CHACHA20_NEON=m CONFIG_CRYPTO_CHACHA20POLY1305=m CONFIG_CRYPTO_CHACHA20_X86_64=m CONFIG_CRYPTO_CMAC=m @@ -916,13 +915,11 @@ CONFIG_CRYPTO_MD4=m CONFIG_CRYPTO_MD5=y CONFIG_CRYPTO_MICHAEL_MIC=m CONFIG_CRYPTO_NHPOLY1305_AVX2=m -CONFIG_CRYPTO_NHPOLY1305_NEON=m CONFIG_CRYPTO_NHPOLY1305_SSE2=m CONFIG_CRYPTO_OFB=m CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_POLY1305=m -# CONFIG_CRYPTO_POLY1305_NEON is not set CONFIG_CRYPTO_POLY1305_X86_64=m CONFIG_CRYPTO_RMD128=m CONFIG_CRYPTO_RMD160=m @@ -2825,6 +2822,9 @@ CONFIG_LOCALVERSION="" # CONFIG_LOCALVERSION_AUTO is not set CONFIG_LOCKD=m CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y +# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set +CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y CONFIG_LOCKD_V4=y # CONFIG_LOCK_EVENT_COUNTS is not set # CONFIG_LOCK_STAT is not set @@ -2845,8 +2845,8 @@ CONFIG_LPC_ICH=m # CONFIG_LP_CONSOLE is not set CONFIG_LPC_SCH=m CONFIG_LSI_ET1011C_PHY=m +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf" CONFIG_LSM_MMAP_MIN_ADDR=65535 -CONFIG_LSM="yama,integrity,selinux" # CONFIG_LTC1660 is not set # CONFIG_LTC2471 is not set # CONFIG_LTC2485 is not set @@ -4706,13 +4706,13 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY_LOADPIN is not set -# CONFIG_SECURITY_LOCKDOWN_LSM is not set +CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y # CONFIG_SECURITY_PATH is not set # CONFIG_SECURITY_SAFESETID is not set CONFIG_SECURITY_SELINUX_AVC_STATS=y -CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1 CONFIG_SECURITY_SELINUX_BOOTPARAM=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 CONFIG_SECURITY_SELINUX_DEVELOP=y diff --git a/kernel.spec b/kernel.spec index 3795caa0c..f8bf32e33 100755 --- a/kernel.spec +++ b/kernel.spec @@ -70,7 +70,7 @@ Summary: The Linux kernel # For a stable, released kernel, released_kernel should be 1. %global released_kernel 0 -%global distro_build 0.rc4.20210324git7acac4b3196c.176 +%global distro_build 0.rc4.20210325gite138138003eb.177 %if 0%{?fedora} %define secure_boot_arch x86_64 @@ -111,13 +111,13 @@ Summary: The Linux kernel %endif %define rpmversion 5.12.0 -%define pkgrelease 0.rc4.20210324git7acac4b3196c.176 +%define pkgrelease 0.rc4.20210325gite138138003eb.177 # This is needed to do merge window version magic %define patchlevel 12 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 0.rc4.20210324git7acac4b3196c.176%{?buildid}%{?dist} +%define specrelease 0.rc4.20210325gite138138003eb.177%{?buildid}%{?dist} %define pkg_release %{specrelease} @@ -624,7 +624,7 @@ BuildRequires: clang # exact git commit you can run # # xzcat -qq ${TARBALL} | git get-tar-commit-id -Source0: linux-20210324git7acac4b3196c.tar.xz +Source0: linux-20210325gite138138003eb.tar.xz Source1: Makefile.rhelver @@ -1278,8 +1278,8 @@ ApplyOptionalPatch() fi } -%setup -q -n kernel-20210324git7acac4b3196c -c -mv linux-20210324git7acac4b3196c linux-%{KVERREL} +%setup -q -n kernel-20210325gite138138003eb -c +mv linux-20210325gite138138003eb linux-%{KVERREL} cd linux-%{KVERREL} cp -a %{SOURCE1} . @@ -2793,6 +2793,11 @@ fi # # %changelog +* Thu Mar 25 2021 Fedora Kernel Team [5.12.0-0.rc4.20210325gite138138003eb.177] +- New configs in arch/powerpc (Fedora Kernel Team) +- configs: enable BPF LSM on Fedora and ARK (Ondrej Mosnacek) +- configs: clean up LSM configs (Ondrej Mosnacek) + * Wed Mar 24 2021 Fedora Kernel Team [5.12.0-0.rc4.20210324git7acac4b3196c.176] - New configs in drivers/platform (CKI@GitLab) - New configs in drivers/firmware (CKI@GitLab) diff --git a/patch-5.12.0-redhat.patch b/patch-5.12.0-redhat.patch index d865f886d..b97ce5c86 100644 --- a/patch-5.12.0-redhat.patch +++ b/patch-5.12.0-redhat.patch @@ -2112,7 +2112,7 @@ index 320f1f3941b7..e3632573c1ed 100644 obj-$(CONFIG_MODULES) += kmod.o obj-$(CONFIG_MULTIUSER) += groups.o diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c -index c859bc46d06c..1c6e78fa2b6d 100644 +index 250503482cda..dde01992df7e 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -24,6 +24,7 @@ @@ -2150,7 +2150,7 @@ index c859bc46d06c..1c6e78fa2b6d 100644 static const struct bpf_map_ops * const bpf_map_types[] = { #define BPF_PROG_TYPE(_id, _name, prog_ctx_type, kern_ctx_type) -@@ -4346,11 +4365,17 @@ static int bpf_prog_bind_map(union bpf_attr *attr) +@@ -4351,11 +4370,17 @@ static int bpf_prog_bind_map(union bpf_attr *attr) SYSCALL_DEFINE3(bpf, int, cmd, union bpf_attr __user *, uattr, unsigned int, size) { union bpf_attr attr; diff --git a/sources b/sources index 9ff69f0aa..f3d3ae807 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (linux-20210324git7acac4b3196c.tar.xz) = e569e8ed9287b4b70dd9b0a21075bf73f9710ef9de30fa58d82a79ade0f117fe003b11f40bd8579a11e6e7a80db132e65db89e0e57e4c3cee649175feaccc828 -SHA512 (kernel-abi-whitelists-5.12.0-0.rc4.20210324git7acac4b3196c.176.tar.bz2) = d05475da5df631a7e2d122b00ba3fb6e9e690d3d6feb2b9e64907f7b34bdc6d21a0b778240959b9d30d0097f7befcf088417241e8b766f75c7da9242a7736eeb -SHA512 (kernel-kabi-dw-5.12.0-0.rc4.20210324git7acac4b3196c.176.tar.bz2) = 614a82ee5481afd7ee621963fa15e587b5e60de00d963dcc86ef2efd0007f402442d6e4b17a353b56860badeb7727d6a2ccb559d28c3f54c7bcfff1fcaf86178 +SHA512 (linux-20210325gite138138003eb.tar.xz) = 301e6898d11cff3befeff254412bd74b63652450f3937c96de12f2527f6a91bcfb514bdd775154ff8269aa7eb3dcb34b83ba9a4f1323026d78db072e7ce267ff +SHA512 (kernel-abi-whitelists-5.12.0-0.rc4.20210325gite138138003eb.177.tar.bz2) = 542796b1b221a8d45871cbce579031675478a76cb3a647baa4c4ba6caf68b7be47250a8d8a873ff3294291c7d7aeb94c96dc5a0c27964349ea9a6f2847e86814 +SHA512 (kernel-kabi-dw-5.12.0-0.rc4.20210325gite138138003eb.177.tar.bz2) = b2638b88c46595dc96f6b236f38ca415eebfa3efd834de8840b77b460ce8afaac2b4e18ef77363a4d716f70a8b32c5d961c7f0489764e66abeff05adee6efc8e -- cgit