kernel: Add kernel configs for SELinux

Add kernel configs related to SELinux in order to add the support for containers running inside the guest. Fixes: #4812 Signed-off-by: Manabu Sugimoto <Manabu.Sugimoto@sony.com>
2025-06-26 15:32:30 +00:00 · 2022-08-07 18:53:56 +09:00 · 2022-08-07 18:53:56 +09:00 · a9c746f284
commit a9c746f284
parent 681d946644
2 changed files with 13 additions and 1 deletions
--- a/tools/packaging/kernel/configs/fragments/common/lsm.conf
+++ b/tools/packaging/kernel/configs/fragments/common/lsm.conf
@ -0,0 +1,12 @@
+# SELinux support:
+CONFIG_AUDIT=y
+CONFIG_AUDITSYSCALL=y
+CONFIG_LSM_MMAP_MIN_ADDR=6553
+CONFIG_NETWORK_SECMARK=y
+CONFIG_SECURITY_NETWORK=y
+CONFIG_SECURITY_SELINUX=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM=y
+CONFIG_SECURITY_SELINUX_DEVELOP=y
+CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
+CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9
+CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256
--- a/tools/packaging/kernel/kata_config_version
+++ b/tools/packaging/kernel/kata_config_version
@ -1 +1 @@
-96
+97