dashboard/config: add smack support

2 files changed, 16 insertions, 2 deletions

diff --git a/dashboard/config/upstream-kasan.config b/dashboard/config/upstream-kasan.config
index 4c667bdb9..2e65b92ae 100644
--- a/dashboard/config/upstream-kasan.config
+++ b/dashboard/config/upstream-kasan.config
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.19.0-rc1 Kernel Configuration
+# Linux/x86 4.19.0-rc2 Kernel Configuration
 #
 
 # The following configs are added manually, preserve them.
@@ -5061,7 +5061,10 @@ CONFIG_SECURITY_SELINUX_DISABLE=y
 CONFIG_SECURITY_SELINUX_DEVELOP=y
 CONFIG_SECURITY_SELINUX_AVC_STATS=y
 CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
-# CONFIG_SECURITY_SMACK is not set
+CONFIG_SECURITY_SMACK=y
+# CONFIG_SECURITY_SMACK_BRINGUP is not set
+CONFIG_SECURITY_SMACK_NETFILTER=y
+# CONFIG_SECURITY_SMACK_APPEND_SIGNALS is not set
 # CONFIG_SECURITY_TOMOYO is not set
 CONFIG_SECURITY_APPARMOR=y
 CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
@@ -5098,9 +5101,11 @@ CONFIG_IMA_APPRAISE_BOOTPARAM=y
 # CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set
 CONFIG_EVM=y
 CONFIG_EVM_ATTR_FSUUID=y
+CONFIG_EVM_EXTRA_SMACK_XATTRS=y
 CONFIG_EVM_ADD_XATTRS=y
 # CONFIG_EVM_LOAD_X509 is not set
 # CONFIG_DEFAULT_SECURITY_SELINUX is not set
+# CONFIG_DEFAULT_SECURITY_SMACK is not set
 CONFIG_DEFAULT_SECURITY_APPARMOR=y
 # CONFIG_DEFAULT_SECURITY_DAC is not set
 CONFIG_DEFAULT_SECURITY="apparmor"
diff --git a/dashboard/config/upstream-smack.cmdline b/dashboard/config/upstream-smack.cmdline
new file mode 100644
index 000000000..268f154cc
--- /dev/null
+++ b/dashboard/config/upstream-smack.cmdline
@@ -0,0 +1,9 @@
+security=smack
+workqueue.watchdog_thresh=140
+kvm-intel.nested=1
+nf-conntrack-ftp.ports=20000
+nf-conntrack-tftp.ports=20000
+nf-conntrack-sip.ports=20000
+nf-conntrack-irc.ports=20000
+nf-conntrack-sane.ports=20000
+nopcid