Merge pull request #4813 from ManaSugi/fix/add-selinux-agent

runtime,agent: Add SELinux support for containers inside the guest
2025-09-15 13:58:55 +00:00 · 2022-12-13 11:24:53 +01:00
parent 015674df16 78532154d9
commit f1381eb361
31 changed files with 520 additions and 79 deletions
--- a/tools/packaging/kernel/configs/fragments/common/lsm.conf
+++ b/tools/packaging/kernel/configs/fragments/common/lsm.conf
@@ -0,0 +1,12 @@
+# SELinux support:
+CONFIG_AUDIT=y
+CONFIG_AUDITSYSCALL=y
+CONFIG_LSM_MMAP_MIN_ADDR=6553
+CONFIG_NETWORK_SECMARK=y
+CONFIG_SECURITY_NETWORK=y
+CONFIG_SECURITY_SELINUX=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM=y
+CONFIG_SECURITY_SELINUX_DEVELOP=y
+CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
+CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9
+CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256