Enable YAMA (rhbz 1196825)

This commit is contained in:
Josh Boyer 2015-03-02 10:14:15 -05:00
parent e6b799b67d
commit ebce054077
3 changed files with 39 additions and 1 deletions

View File

@ -4546,7 +4546,8 @@ CONFIG_SECURITY_SELINUX_AVC_STATS=y
# CONFIG_SECURITY_SMACK is not set # CONFIG_SECURITY_SMACK is not set
# CONFIG_SECURITY_TOMOYO is not set # CONFIG_SECURITY_TOMOYO is not set
# CONFIG_SECURITY_APPARMOR is not set # CONFIG_SECURITY_APPARMOR is not set
# CONFIG_SECURITY_YAMA is not set CONFIG_SECURITY_YAMA=y
CONFIG_SECURITY_YAMA_STACKED=y
CONFIG_AUDIT=y CONFIG_AUDIT=y
CONFIG_AUDITSYSCALL=y CONFIG_AUDITSYSCALL=y
# http://lists.fedoraproject.org/pipermail/kernel/2013-February/004125.html # http://lists.fedoraproject.org/pipermail/kernel/2013-February/004125.html

View File

@ -623,6 +623,9 @@ Patch26138: ext4-Allocate-entire-range-in-zero-range.patch
#rhbz 1190947 #rhbz 1190947
Patch26139: Bluetooth-ath3k-Add-support-Atheros-AR5B195-combo-Mi.patch Patch26139: Bluetooth-ath3k-Add-support-Atheros-AR5B195-combo-Mi.patch
#rhbz 1196825
Patch26140: security-yama-Remove-unnecessary-selects-from-Kconfi.patch
# git clone ssh://git.fedorahosted.org/git/kernel-arm64.git, git diff master...devel # git clone ssh://git.fedorahosted.org/git/kernel-arm64.git, git diff master...devel
Patch30000: kernel-arm64.patch Patch30000: kernel-arm64.patch
Patch30001: kernel-arm64-fix-psci-when-pg.patch Patch30001: kernel-arm64-fix-psci-when-pg.patch
@ -1355,6 +1358,9 @@ ApplyPatch ext4-Allocate-entire-range-in-zero-range.patch
#rhbz 1190947 #rhbz 1190947
ApplyPatch Bluetooth-ath3k-Add-support-Atheros-AR5B195-combo-Mi.patch ApplyPatch Bluetooth-ath3k-Add-support-Atheros-AR5B195-combo-Mi.patch
#rhbz 1196825
ApplyPatch security-yama-Remove-unnecessary-selects-from-Kconfi.patch
%if 0%{?aarch64patches} %if 0%{?aarch64patches}
ApplyPatch kernel-arm64.patch ApplyPatch kernel-arm64.patch
%ifnarch aarch64 # this is stupid, but i want to notice before secondary koji does. %ifnarch aarch64 # this is stupid, but i want to notice before secondary koji does.
@ -2215,6 +2221,9 @@ fi
# #
# #
%changelog %changelog
* Mon Mar 02 2015 Josh Boyer <jwboyer@fedoraproject.org>
- Enable YAMA (rhbz 1196825)
* Sat Feb 28 2015 Peter Robinson <pbrobinson@fedoraproject.org> * Sat Feb 28 2015 Peter Robinson <pbrobinson@fedoraproject.org>
- ARMv7 OMAP updates, fix panda boot - ARMv7 OMAP updates, fix panda boot

View File

@ -0,0 +1,28 @@
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Fri, 27 Feb 2015 16:23:59 -0500
Subject: [PATCH] security/yama: Remove unnecessary selects from Kconfig.
Yama selects SECURITYFS and SECURITY_PATH, but requires neither.
Remove them.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
security/yama/Kconfig | 2 --
1 file changed, 2 deletions(-)
diff --git a/security/yama/Kconfig b/security/yama/Kconfig
index 20ef5143c0c0..3123e1da2fed 100644
--- a/security/yama/Kconfig
+++ b/security/yama/Kconfig
@@ -1,8 +1,6 @@
config SECURITY_YAMA
bool "Yama support"
depends on SECURITY
- select SECURITYFS
- select SECURITY_PATH
default n
help
This selects Yama, which extends DAC support with additional
--
2.1.0