From 07405db22538d9e0d69ff13cdcf984aa2c1f6262 Mon Sep 17 00:00:00 2001
From: "Justin M. Forbes" <jforbes@fedoraproject.org>
Date: Thu, 25 Mar 2021 11:39:54 -0500
Subject: kernel-5.12.0-0.rc4.20210325gite138138003eb.177

* Thu Mar 25 2021 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.12.0-0.rc4.20210325gite138138003eb.177]
- New configs in arch/powerpc (Fedora Kernel Team)
- configs: enable BPF LSM on Fedora and ARK (Ondrej Mosnacek)
- configs: clean up LSM configs (Ondrej Mosnacek)
Resolves: rhbz#

Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
---
 kernel-aarch64-rhel.config | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

(limited to 'kernel-aarch64-rhel.config')

diff --git a/kernel-aarch64-rhel.config b/kernel-aarch64-rhel.config
index 875be5731..1ea1e5ad6 100644
--- a/kernel-aarch64-rhel.config
+++ b/kernel-aarch64-rhel.config
@@ -533,7 +533,7 @@ CONFIG_BPF_EVENTS=y
 CONFIG_BPF_JIT_ALWAYS_ON=y
 CONFIG_BPF_JIT=y
 # CONFIG_BPF_KPROBE_OVERRIDE is not set
-# CONFIG_BPF_LSM is not set
+CONFIG_BPF_LSM=y
 # CONFIG_BPF_PRELOAD is not set
 CONFIG_BPF_STREAM_PARSER=y
 CONFIG_BPF_SYSCALL=y
@@ -1010,14 +1010,12 @@ CONFIG_CRYPTO_MANAGER=y
 CONFIG_CRYPTO_MD4=m
 CONFIG_CRYPTO_MD5=y
 CONFIG_CRYPTO_MICHAEL_MIC=m
-CONFIG_CRYPTO_NHPOLY1305_AVX2=m
 CONFIG_CRYPTO_NHPOLY1305_NEON=m
-CONFIG_CRYPTO_NHPOLY1305_SSE2=m
 CONFIG_CRYPTO_OFB=m
 CONFIG_CRYPTO_PCBC=m
 CONFIG_CRYPTO_PCRYPT=m
 CONFIG_CRYPTO_POLY1305=m
-# CONFIG_CRYPTO_POLY1305_NEON is not set
+CONFIG_CRYPTO_POLY1305_NEON=m
 CONFIG_CRYPTO_RMD128=m
 CONFIG_CRYPTO_RMD160=m
 CONFIG_CRYPTO_RMD256=m
@@ -2801,6 +2799,10 @@ CONFIG_LLC=m
 CONFIG_LOCALVERSION=""
 # CONFIG_LOCALVERSION_AUTO is not set
 CONFIG_LOCKD=m
+# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set
+# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
+# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
+CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
 CONFIG_LOCKD_V4=y
 # CONFIG_LOCK_EVENT_COUNTS is not set
 # CONFIG_LOCK_STAT is not set
@@ -2821,8 +2823,8 @@ CONFIG_LOOPBACK_TARGET=m
 # CONFIG_LP_CONSOLE is not set
 # CONFIG_LPC_SCH is not set
 CONFIG_LSI_ET1011C_PHY=m
+CONFIG_LSM="lockdown,yama,integrity,selinux,bpf"
 CONFIG_LSM_MMAP_MIN_ADDR=65535
-CONFIG_LSM="yama,integrity,selinux"
 # CONFIG_LTC1660 is not set
 # CONFIG_LTC2471 is not set
 # CONFIG_LTC2485 is not set
@@ -4725,13 +4727,13 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y
 CONFIG_SECURITYFS=y
 CONFIG_SECURITY_INFINIBAND=y
 # CONFIG_SECURITY_LOADPIN is not set
-# CONFIG_SECURITY_LOCKDOWN_LSM is not set
+CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
+CONFIG_SECURITY_LOCKDOWN_LSM=y
 CONFIG_SECURITY_NETWORK_XFRM=y
 CONFIG_SECURITY_NETWORK=y
 # CONFIG_SECURITY_PATH is not set
 # CONFIG_SECURITY_SAFESETID is not set
 CONFIG_SECURITY_SELINUX_AVC_STATS=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
 CONFIG_SECURITY_SELINUX_BOOTPARAM=y
 CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
 CONFIG_SECURITY_SELINUX_DEVELOP=y
-- 
cgit