rancher/os-kernel
1
0
Fork 1
mirror of https://github.com/rancher/os-kernel.git synced 2025-09-04 14:24:36 +00:00
Code Issues Releases Wiki Activity

SELinux enabled kernel

Browse Source
This commit is contained in:
Josh Curl
2016-02-18 12:12:00 -08:00
parent 2b5bab39d1
commit 25a2d2fcf9
3 changed files with 40 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Dockerfile.dapper
View File

@@ -1,7 +1,7 @@
FROM ubuntu:14.04 FROM ubuntu:14.04
RUN apt-get update && \ RUN apt-get update && \
apt-get install -y build-essential wget libncurses5-dev unzip bc curl python rsync ccache git vim apt-get install -y build-essential wget libncurses5-dev unzip bc curl python rsync ccache git vim libssl-dev
RUN locale-gen en_US.UTF-8 RUN locale-gen en_US.UTF-8
ENV LANG en_US.UTF-8 ENV LANG en_US.UTF-8

42
config/kernel-config
View File

@@ -75,8 +75,11 @@ CONFIG_POSIX_MQUEUE_SYSCTL=y
CONFIG_CROSS_MEMORY_ATTACH=y CONFIG_CROSS_MEMORY_ATTACH=y
CONFIG_FHANDLE=y CONFIG_FHANDLE=y
CONFIG_USELIB=y CONFIG_USELIB=y
# CONFIG_AUDIT is not set CONFIG_AUDIT=y
CONFIG_HAVE_ARCH_AUDITSYSCALL=y CONFIG_HAVE_ARCH_AUDITSYSCALL=y
CONFIG_AUDITSYSCALL=y
CONFIG_AUDIT_WATCH=y
CONFIG_AUDIT_TREE=y
# #
# IRQ subsystem # IRQ subsystem
@@ -841,6 +844,7 @@ CONFIG_IPV6_SUBTREES=y
CONFIG_IPV6_MROUTE=y CONFIG_IPV6_MROUTE=y
CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y
CONFIG_IPV6_PIMSM_V2=y CONFIG_IPV6_PIMSM_V2=y
# CONFIG_NETLABEL is not set
CONFIG_NETWORK_SECMARK=y CONFIG_NETWORK_SECMARK=y
CONFIG_NET_PTP_CLASSIFY=y CONFIG_NET_PTP_CLASSIFY=y
CONFIG_NETWORK_PHY_TIMESTAMPING=y CONFIG_NETWORK_PHY_TIMESTAMPING=y
@@ -928,6 +932,7 @@ CONFIG_NETFILTER_XT_SET=m
# #
# Xtables targets # Xtables targets
# #
# CONFIG_NETFILTER_XT_TARGET_AUDIT is not set
CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
CONFIG_NETFILTER_XT_TARGET_CONNMARK=m CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
@@ -1100,6 +1105,7 @@ CONFIG_IP_NF_TARGET_CLUSTERIP=m
CONFIG_IP_NF_TARGET_ECN=m CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_TTL=m CONFIG_IP_NF_TARGET_TTL=m
CONFIG_IP_NF_RAW=m CONFIG_IP_NF_RAW=m
# CONFIG_IP_NF_SECURITY is not set
CONFIG_IP_NF_ARPTABLES=m CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m CONFIG_IP_NF_ARP_MANGLE=m
@@ -1135,6 +1141,7 @@ CONFIG_IP6_NF_TARGET_REJECT=m
CONFIG_IP6_NF_TARGET_SYNPROXY=m CONFIG_IP6_NF_TARGET_SYNPROXY=m
CONFIG_IP6_NF_MANGLE=m CONFIG_IP6_NF_MANGLE=m
CONFIG_IP6_NF_RAW=m CONFIG_IP6_NF_RAW=m
# CONFIG_IP6_NF_SECURITY is not set
CONFIG_IP6_NF_NAT=m CONFIG_IP6_NF_NAT=m
CONFIG_IP6_NF_TARGET_MASQUERADE=m CONFIG_IP6_NF_TARGET_MASQUERADE=m
CONFIG_IP6_NF_TARGET_NPT=m CONFIG_IP6_NF_TARGET_NPT=m
@@ -3678,6 +3685,7 @@ CONFIG_FSNOTIFY=y
CONFIG_DNOTIFY=y CONFIG_DNOTIFY=y
CONFIG_INOTIFY_USER=y CONFIG_INOTIFY_USER=y
CONFIG_FANOTIFY=y CONFIG_FANOTIFY=y
# CONFIG_FANOTIFY_ACCESS_PERMISSIONS is not set
CONFIG_QUOTA=y CONFIG_QUOTA=y
CONFIG_QUOTA_NETLINK_INTERFACE=y CONFIG_QUOTA_NETLINK_INTERFACE=y
# CONFIG_PRINT_QUOTA_WARNING is not set # CONFIG_PRINT_QUOTA_WARNING is not set
@@ -3793,6 +3801,7 @@ CONFIG_PNFS_BLOCK=m
CONFIG_PNFS_FLEXFILE_LAYOUT=m CONFIG_PNFS_FLEXFILE_LAYOUT=m
CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org"
# CONFIG_NFS_V4_1_MIGRATION is not set # CONFIG_NFS_V4_1_MIGRATION is not set
CONFIG_NFS_V4_SECURITY_LABEL=y
# CONFIG_NFS_FSCACHE is not set # CONFIG_NFS_FSCACHE is not set
# CONFIG_NFS_USE_LEGACY_DNS is not set # CONFIG_NFS_USE_LEGACY_DNS is not set
CONFIG_NFS_USE_KERNEL_DNS=y CONFIG_NFS_USE_KERNEL_DNS=y
@@ -3803,6 +3812,7 @@ CONFIG_NFSD_V3=y
CONFIG_NFSD_V3_ACL=y CONFIG_NFSD_V3_ACL=y
CONFIG_NFSD_V4=y CONFIG_NFSD_V4=y
# CONFIG_NFSD_PNFS is not set # CONFIG_NFSD_PNFS is not set
# CONFIG_NFSD_V4_SECURITY_LABEL is not set
# CONFIG_NFSD_FAULT_INJECTION is not set # CONFIG_NFSD_FAULT_INJECTION is not set
CONFIG_GRACE_PERIOD=m CONFIG_GRACE_PERIOD=m
CONFIG_LOCKD=m CONFIG_LOCKD=m
@@ -4118,11 +4128,33 @@ CONFIG_KEYS=y
# CONFIG_BIG_KEYS is not set # CONFIG_BIG_KEYS is not set
# CONFIG_ENCRYPTED_KEYS is not set # CONFIG_ENCRYPTED_KEYS is not set
# CONFIG_SECURITY_DMESG_RESTRICT is not set # CONFIG_SECURITY_DMESG_RESTRICT is not set
# CONFIG_SECURITY is not set CONFIG_SECURITY=y
# CONFIG_SECURITYFS is not set CONFIG_SECURITYFS=y
CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_NETWORK_XFRM is not set
# CONFIG_SECURITY_PATH is not set
# CONFIG_INTEL_TXT is not set # CONFIG_INTEL_TXT is not set
CONFIG_DEFAULT_SECURITY_DAC=y CONFIG_LSM_MMAP_MIN_ADDR=65536
CONFIG_DEFAULT_SECURITY="" CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
CONFIG_SECURITY_SELINUX_DISABLE=y
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_AVC_STATS=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
# CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set
# CONFIG_SECURITY_SMACK is not set
# CONFIG_SECURITY_TOMOYO is not set
# CONFIG_SECURITY_APPARMOR is not set
# CONFIG_SECURITY_YAMA is not set
CONFIG_INTEGRITY=y
# CONFIG_INTEGRITY_SIGNATURE is not set
CONFIG_INTEGRITY_AUDIT=y
# CONFIG_IMA is not set
# CONFIG_EVM is not set
CONFIG_DEFAULT_SECURITY_SELINUX=y
# CONFIG_DEFAULT_SECURITY_DAC is not set
CONFIG_DEFAULT_SECURITY="selinux"
CONFIG_XOR_BLOCKS=m CONFIG_XOR_BLOCKS=m
CONFIG_ASYNC_CORE=m CONFIG_ASYNC_CORE=m
CONFIG_ASYNC_MEMCPY=m CONFIG_ASYNC_MEMCPY=m

4
scripts/build-common
View File

@@ -1,8 +1,8 @@
#!/bin/bash #!/bin/bash
set -e set -e
: ${KERNEL_URL:="https://github.com/rancher/linux/archive/Ubuntu-4.2.0-28.33-rancher.tar.gz"} : ${KERNEL_URL:="https://github.com/rancher/linux/archive/SELinux-4.4.2-rancher.tar.gz"}
: ${KERNEL_SHA1:="2cf7bf21f84570dc337bfa4eed43570a32e312a4"} : ${KERNEL_SHA1:="2f9793e98e2548558712e16feccc78e72886a825"}
: ${ARTIFACTS:=$(pwd)/assets} : ${ARTIFACTS:=$(pwd)/assets}
: ${BUILD:=/usr/src} : ${BUILD:=/usr/src}
: ${CONFIG:=$(pwd)/config} : ${CONFIG:=$(pwd)/config}