mirror of
https://github.com/linuxkit/linuxkit.git
synced 2025-10-31 11:30:40 +00:00
Add kernel apparmor support
Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>
This commit is contained in:
Chris Irrgang
committed by
Avi Deitcher
Avi Deitcher
parent
be7c483e17
commit
1200d24201
@@ -4933,7 +4933,13 @@ CONFIG_STATIC_USERMODEHELPER_PATH="/sbin/usermode-helper"
|
||||
# CONFIG_SECURITY_SELINUX is not set
|
||||
# CONFIG_SECURITY_SMACK is not set
|
||||
# CONFIG_SECURITY_TOMOYO is not set
|
||||
# CONFIG_SECURITY_APPARMOR is not set
|
||||
CONFIG_SECURITY_APPARMOR=y
|
||||
# CONFIG_SECURITY_APPARMOR_DEBUG is not set
|
||||
CONFIG_SECURITY_APPARMOR_INTROSPECT_POLICY=y
|
||||
CONFIG_SECURITY_APPARMOR_HASH=y
|
||||
CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
|
||||
CONFIG_SECURITY_APPARMOR_EXPORT_BINARY=y
|
||||
CONFIG_SECURITY_APPARMOR_PARANOID_LOAD=y
|
||||
# CONFIG_SECURITY_LOADPIN is not set
|
||||
CONFIG_SECURITY_YAMA=y
|
||||
# CONFIG_SECURITY_SAFESETID is not set
|
||||
@@ -4946,6 +4952,7 @@ CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
|
||||
CONFIG_INTEGRITY_AUDIT=y
|
||||
CONFIG_IMA=y
|
||||
CONFIG_IMA_MEASURE_PCR_IDX=10
|
||||
CONFIG_IMA_LSM_RULES=y
|
||||
CONFIG_IMA_NG_TEMPLATE=y
|
||||
# CONFIG_IMA_SIG_TEMPLATE is not set
|
||||
CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
|
||||
@@ -4967,8 +4974,9 @@ CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y
|
||||
CONFIG_EVM=y
|
||||
CONFIG_EVM_ATTR_FSUUID=y
|
||||
# CONFIG_EVM_ADD_XATTRS is not set
|
||||
CONFIG_DEFAULT_SECURITY_DAC=y
|
||||
CONFIG_LSM="yama,loadpin,safesetid,integrity"
|
||||
CONFIG_DEFAULT_SECURITY_APPARMOR=y
|
||||
# CONFIG_DEFAULT_SECURITY_DAC is not set
|
||||
CONFIG_LSM="yama,loadpin,safesetid,integrity,apparmor"
|
||||
|
||||
#
|
||||
# Kernel hardening options
|
||||
@@ -5343,7 +5351,7 @@ CONFIG_LZ4_COMPRESS=y
|
||||
CONFIG_LZ4HC_COMPRESS=y
|
||||
CONFIG_LZ4_DECOMPRESS=y
|
||||
CONFIG_ZSTD_COMMON=y
|
||||
CONFIG_ZSTD_COMPRESS=m
|
||||
CONFIG_ZSTD_COMPRESS=y
|
||||
CONFIG_ZSTD_DECOMPRESS=y
|
||||
CONFIG_XZ_DEC=y
|
||||
CONFIG_XZ_DEC_X86=y
|
||||
|
||||
@@ -4419,7 +4419,13 @@ CONFIG_STATIC_USERMODEHELPER_PATH="/sbin/usermode-helper"
|
||||
# CONFIG_SECURITY_SELINUX is not set
|
||||
# CONFIG_SECURITY_SMACK is not set
|
||||
# CONFIG_SECURITY_TOMOYO is not set
|
||||
# CONFIG_SECURITY_APPARMOR is not set
|
||||
CONFIG_SECURITY_APPARMOR=y
|
||||
# CONFIG_SECURITY_APPARMOR_DEBUG is not set
|
||||
CONFIG_SECURITY_APPARMOR_INTROSPECT_POLICY=y
|
||||
CONFIG_SECURITY_APPARMOR_HASH=y
|
||||
CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
|
||||
CONFIG_SECURITY_APPARMOR_EXPORT_BINARY=y
|
||||
CONFIG_SECURITY_APPARMOR_PARANOID_LOAD=y
|
||||
# CONFIG_SECURITY_LOADPIN is not set
|
||||
CONFIG_SECURITY_YAMA=y
|
||||
# CONFIG_SECURITY_SAFESETID is not set
|
||||
@@ -4432,6 +4438,7 @@ CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
|
||||
CONFIG_INTEGRITY_AUDIT=y
|
||||
CONFIG_IMA=y
|
||||
CONFIG_IMA_MEASURE_PCR_IDX=10
|
||||
CONFIG_IMA_LSM_RULES=y
|
||||
CONFIG_IMA_NG_TEMPLATE=y
|
||||
# CONFIG_IMA_SIG_TEMPLATE is not set
|
||||
CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
|
||||
@@ -4452,8 +4459,9 @@ CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y
|
||||
CONFIG_EVM=y
|
||||
CONFIG_EVM_ATTR_FSUUID=y
|
||||
# CONFIG_EVM_ADD_XATTRS is not set
|
||||
CONFIG_DEFAULT_SECURITY_DAC=y
|
||||
CONFIG_LSM="yama,loadpin,safesetid,integrity"
|
||||
CONFIG_DEFAULT_SECURITY_APPARMOR=y
|
||||
# CONFIG_DEFAULT_SECURITY_DAC is not set
|
||||
CONFIG_LSM="yama,loadpin,safesetid,integrity,apparmor"
|
||||
|
||||
#
|
||||
# Kernel hardening options
|
||||
@@ -4779,7 +4787,7 @@ CONFIG_LZ4_COMPRESS=y
|
||||
CONFIG_LZ4HC_COMPRESS=y
|
||||
CONFIG_LZ4_DECOMPRESS=y
|
||||
CONFIG_ZSTD_COMMON=y
|
||||
CONFIG_ZSTD_COMPRESS=m
|
||||
CONFIG_ZSTD_COMPRESS=y
|
||||
CONFIG_ZSTD_DECOMPRESS=y
|
||||
CONFIG_XZ_DEC=y
|
||||
CONFIG_XZ_DEC_X86=y
|
||||
|
||||
@@ -4489,7 +4489,13 @@ CONFIG_STATIC_USERMODEHELPER_PATH="/sbin/usermode-helper"
|
||||
# CONFIG_SECURITY_SELINUX is not set
|
||||
# CONFIG_SECURITY_SMACK is not set
|
||||
# CONFIG_SECURITY_TOMOYO is not set
|
||||
# CONFIG_SECURITY_APPARMOR is not set
|
||||
CONFIG_SECURITY_APPARMOR=y
|
||||
# CONFIG_SECURITY_APPARMOR_DEBUG is not set
|
||||
CONFIG_SECURITY_APPARMOR_INTROSPECT_POLICY=y
|
||||
CONFIG_SECURITY_APPARMOR_HASH=y
|
||||
CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
|
||||
CONFIG_SECURITY_APPARMOR_EXPORT_BINARY=y
|
||||
CONFIG_SECURITY_APPARMOR_PARANOID_LOAD=y
|
||||
# CONFIG_SECURITY_LOADPIN is not set
|
||||
CONFIG_SECURITY_YAMA=y
|
||||
# CONFIG_SECURITY_SAFESETID is not set
|
||||
@@ -4502,6 +4508,7 @@ CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
|
||||
CONFIG_INTEGRITY_AUDIT=y
|
||||
CONFIG_IMA=y
|
||||
CONFIG_IMA_MEASURE_PCR_IDX=10
|
||||
CONFIG_IMA_LSM_RULES=y
|
||||
CONFIG_IMA_NG_TEMPLATE=y
|
||||
# CONFIG_IMA_SIG_TEMPLATE is not set
|
||||
CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
|
||||
@@ -4523,8 +4530,9 @@ CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y
|
||||
CONFIG_EVM=y
|
||||
CONFIG_EVM_ATTR_FSUUID=y
|
||||
# CONFIG_EVM_ADD_XATTRS is not set
|
||||
CONFIG_DEFAULT_SECURITY_DAC=y
|
||||
CONFIG_LSM="yama,loadpin,safesetid,integrity"
|
||||
CONFIG_DEFAULT_SECURITY_APPARMOR=y
|
||||
# CONFIG_DEFAULT_SECURITY_DAC is not set
|
||||
CONFIG_LSM="yama,loadpin,safesetid,integrity,apparmor"
|
||||
|
||||
#
|
||||
# Kernel hardening options
|
||||
@@ -4892,7 +4900,7 @@ CONFIG_LZ4_COMPRESS=y
|
||||
CONFIG_LZ4HC_COMPRESS=y
|
||||
CONFIG_LZ4_DECOMPRESS=y
|
||||
CONFIG_ZSTD_COMMON=y
|
||||
CONFIG_ZSTD_COMPRESS=m
|
||||
CONFIG_ZSTD_COMPRESS=y
|
||||
CONFIG_ZSTD_DECOMPRESS=y
|
||||
CONFIG_XZ_DEC=y
|
||||
CONFIG_XZ_DEC_X86=y
|
||||
|
||||
Reference in New Issue
Block a user