| author | Dmitry Vyukov <dvyukov@google.com> | 2019-02-01 11:00:59 +0100 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2019-02-01 11:00:59 +0100 |
| commit | aa53be276dc84aa8b3825b3416542447ff82b41a (patch) | |
| tree | 43edabde2c0b9d5bb23a012d3ed440b856042d59 | |
| parent | b97b12358e9b3ab7fdf6b6c9714b1105c685e7c8 (diff) | |
dashboard/config: prepare for stacked security modules
In linux-next, security modules can be stacked.
TOMOYO is compatible with other modules, and the SAFESETID
module has been added. But this is not yet in mainline.
Enable TOMOYO and SAFESETID.
There is no way to enable stacked modules in linux-next
while preserving the current behavior in mainline.
Once these changes reach mainline, we will need to replace
security cmdline arguments with lsm as follows:
lsm=yama,safesetid,integrity,selinux,tomoyo
lsm=yama,safesetid,integrity,smack,tomoyo
lsm=yama,safesetid,integrity,tomoyo,apparmor
| -rw-r--r-- | dashboard/config/upstream-kasan.config | 55 |
1 files changed, 33 insertions, 22 deletions
diff --git a/dashboard/config/upstream-kasan.config b/dashboard/config/upstream-kasan.config index 475d84a3a..eefe29b4e 100644 --- a/dashboard/config/upstream-kasan.config +++ b/dashboard/config/upstream-kasan.config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.20.0 Kernel Configuration +# Linux/x86 5.0.0-rc4 Kernel Configuration # # The following configs are added manually, preserve them. @@ -14,11 +14,12 @@ CONFIG_DEBUG_MEMORY=y CONFIG_DEBUG_AID_FOR_SYZBOT=y # -# Compiler: gcc (GCC) 9.0.0 20181231 (experimental) +# Compiler: gcc (GCC) 9.0.0 20190115 (experimental) # CONFIG_CC_IS_GCC=y CONFIG_GCC_VERSION=90000 CONFIG_CLANG_VERSION=0 +CONFIG_CC_HAS_ASM_GOTO=y CONFIG_CONSTRUCTORS=y CONFIG_IRQ_WORK=y CONFIG_BUILDTIME_EXTABLE_SORT=y @@ -295,7 +296,7 @@ CONFIG_X86_X2APIC=y CONFIG_X86_MPPARSE=y # CONFIG_GOLDFISH is not set CONFIG_RETPOLINE=y -# CONFIG_RESCTRL is not set +# CONFIG_X86_RESCTRL is not set CONFIG_X86_EXTENDED_PLATFORM=y # CONFIG_X86_NUMACHIP is not set # CONFIG_X86_VSMP is not set @@ -571,6 +572,7 @@ CONFIG_X86_ACPI_CPUFREQ_CPB=y CONFIG_CPU_IDLE=y # CONFIG_CPU_IDLE_GOV_LADDER is not set CONFIG_CPU_IDLE_GOV_MENU=y +# CONFIG_CPU_IDLE_GOV_TEO is not set CONFIG_INTEL_IDLE=y # @@ -745,8 +747,9 @@ CONFIG_HAVE_ARCH_PREL32_RELOCATIONS=y # # CONFIG_GCOV_KERNEL is not set CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y -CONFIG_PLUGIN_HOSTCC="" +CONFIG_PLUGIN_HOSTCC="g++" CONFIG_HAVE_GCC_PLUGINS=y +# CONFIG_GCC_PLUGINS is not set CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 CONFIG_MODULES=y @@ -932,6 +935,7 @@ CONFIG_NET_KEY_MIGRATE=y CONFIG_SMC=y CONFIG_SMC_DIAG=y CONFIG_XDP_SOCKETS=y +CONFIG_XDP_SOCKETS_DIAG=y CONFIG_INET=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y @@ -3050,6 +3054,7 @@ CONFIG_SERIAL_NONSTANDARD=y CONFIG_N_HDLC=y # CONFIG_N_GSM is not set # CONFIG_TRACE_SINK is not set +CONFIG_LDISC_AUTOLOAD=y CONFIG_DEVMEM=y # CONFIG_DEVKMEM is not set 
@@ -3246,6 +3251,7 @@ CONFIG_SPI_MASTER=y CONFIG_SPI_BITBANG=y # CONFIG_SPI_CADENCE is not set # CONFIG_SPI_DESIGNWARE is not set +# CONFIG_SPI_NXP_FLEXSPI is not set CONFIG_SPI_PXA2XX=y CONFIG_SPI_PXA2XX_PCI=y # CONFIG_SPI_ROCKCHIP is not set @@ -3896,6 +3902,10 @@ CONFIG_DRM_KMS_CMA_HELPER=y # CONFIG_DRM_I2C_SIL164 is not set # CONFIG_DRM_I2C_NXP_TDA998X is not set # CONFIG_DRM_I2C_NXP_TDA9950 is not set + +# +# ARM devices +# # CONFIG_DRM_RADEON is not set # CONFIG_DRM_AMDGPU is not set @@ -3951,6 +3961,7 @@ CONFIG_DRM_PANEL_BRIDGE=y # Display Interface Bridges # # CONFIG_DRM_ANALOGIX_ANX78XX is not set +# CONFIG_DRM_ETNAVIV is not set # CONFIG_DRM_HISI_HIBMC is not set CONFIG_DRM_TINYDRM=y # CONFIG_TINYDRM_HX8357D is not set @@ -4060,7 +4071,6 @@ CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y # CONFIG_FRAMEBUFFER_CONSOLE_ROTATION is not set # CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER is not set CONFIG_LOGO=y -# CONFIG_FB_LOGO_CENTER is not set # CONFIG_LOGO_LINUX_MONO is not set # CONFIG_LOGO_LINUX_VGA16 is not set CONFIG_LOGO_LINUX_CLUT224=y @@ -4298,6 +4308,7 @@ CONFIG_LOGIRUMBLEPAD2_FF=y CONFIG_LOGIG940_FF=y CONFIG_LOGIWHEELS_FF=y CONFIG_HID_MAGICMOUSE=y +# CONFIG_HID_MALTRON is not set # CONFIG_HID_MAYFLASH is not set # CONFIG_HID_REDRAGON is not set CONFIG_HID_MICROSOFT=y @@ -4396,6 +4407,7 @@ CONFIG_USB_EHCI_HCD=y CONFIG_USB_EHCI_ROOT_HUB_TT=y CONFIG_USB_EHCI_TT_NEWSCHED=y CONFIG_USB_EHCI_PCI=y +# CONFIG_USB_EHCI_FSL is not set # CONFIG_USB_EHCI_HCD_PLATFORM is not set # CONFIG_USB_OXU210HP_HCD is not set # CONFIG_USB_ISP116X_HCD is not set @@ -4743,6 +4755,10 @@ CONFIG_MLX4_INFINIBAND=y # CONFIG_INFINIBAND_OCRDMA is not set # CONFIG_INFINIBAND_VMWARE_PVRDMA is not set CONFIG_INFINIBAND_USNIC=y +# CONFIG_INFINIBAND_BNXT_RE is not set +# CONFIG_INFINIBAND_HFI1 is not set +CONFIG_INFINIBAND_RDMAVT=y +CONFIG_RDMA_RXE=y CONFIG_INFINIBAND_IPOIB=y CONFIG_INFINIBAND_IPOIB_CM=y CONFIG_INFINIBAND_IPOIB_DEBUG=y 
@@ -4750,10 +4766,6 @@ CONFIG_INFINIBAND_IPOIB_DEBUG=y CONFIG_INFINIBAND_SRP=y CONFIG_INFINIBAND_ISER=y CONFIG_INFINIBAND_OPA_VNIC=y -CONFIG_INFINIBAND_RDMAVT=y -CONFIG_RDMA_RXE=y -# CONFIG_INFINIBAND_HFI1 is not set -# CONFIG_INFINIBAND_BNXT_RE is not set CONFIG_EDAC_ATOMIC_SCRUB=y CONFIG_EDAC_SUPPORT=y CONFIG_EDAC=y @@ -4820,6 +4832,7 @@ CONFIG_RTC_INTF_DEV=y # CONFIG_RTC_DRV_RX8025 is not set # CONFIG_RTC_DRV_EM3027 is not set # CONFIG_RTC_DRV_RV8803 is not set +# CONFIG_RTC_DRV_SD3078 is not set # # SPI RTC drivers @@ -4978,7 +4991,6 @@ CONFIG_STAGING=y # CONFIG_VT6655 is not set # CONFIG_VT6656 is not set # CONFIG_FB_SM750 is not set -# CONFIG_FB_XGI is not set # # Speakup console speech @@ -5102,6 +5114,7 @@ CONFIG_CLKBLD_I8253=y CONFIG_MAILBOX=y CONFIG_PCC=y # CONFIG_ALTERA_MBOX is not set +CONFIG_IOMMU_IOVA=y CONFIG_IOMMU_API=y CONFIG_IOMMU_SUPPORT=y @@ -5110,7 +5123,6 @@ CONFIG_IOMMU_SUPPORT=y # # CONFIG_IOMMU_DEBUGFS is not set # CONFIG_IOMMU_DEFAULT_PASSTHROUGH is not set -CONFIG_IOMMU_IOVA=y CONFIG_AMD_IOMMU=y # CONFIG_AMD_IOMMU_V2 is not set CONFIG_DMAR_TABLE=y @@ -5288,7 +5300,6 @@ CONFIG_EXPORTFS_BLOCK_OPS=y CONFIG_FILE_LOCKING=y CONFIG_MANDATORY_FILE_LOCKING=y CONFIG_FS_ENCRYPTION=y -# CONFIG_FS_VERITY is not set CONFIG_FSNOTIFY=y CONFIG_DNOTIFY=y CONFIG_INOTIFY_USER=y @@ -5549,7 +5560,6 @@ CONFIG_FORTIFY_SOURCE=y # CONFIG_STATIC_USERMODEHELPER is not set CONFIG_SECURITY_SELINUX=y CONFIG_SECURITY_SELINUX_BOOTPARAM=y -CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1 CONFIG_SECURITY_SELINUX_DISABLE=y CONFIG_SECURITY_SELINUX_DEVELOP=y CONFIG_SECURITY_SELINUX_AVC_STATS=y 
@@ -5558,9 +5568,13 @@ CONFIG_SECURITY_SMACK=y # CONFIG_SECURITY_SMACK_BRINGUP is not set CONFIG_SECURITY_SMACK_NETFILTER=y # CONFIG_SECURITY_SMACK_APPEND_SIGNALS is not set -# CONFIG_SECURITY_TOMOYO is not set +CONFIG_SECURITY_TOMOYO=y +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=1024 +CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=32 +# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set +CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init" +CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init" CONFIG_SECURITY_APPARMOR=y -CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1 CONFIG_SECURITY_APPARMOR_HASH=y CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y CONFIG_SECURITY_APPARMOR_DEBUG=y @@ -5568,6 +5582,7 @@ CONFIG_SECURITY_APPARMOR_DEBUG_ASSERTS=y # CONFIG_SECURITY_APPARMOR_DEBUG_MESSAGES is not set # CONFIG_SECURITY_LOADPIN is not set CONFIG_SECURITY_YAMA=y +CONFIG_SECURITY_SAFESETID=y CONFIG_INTEGRITY=y CONFIG_INTEGRITY_SIGNATURE=y CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y @@ -5598,11 +5613,7 @@ CONFIG_EVM_ATTR_FSUUID=y CONFIG_EVM_EXTRA_SMACK_XATTRS=y CONFIG_EVM_ADD_XATTRS=y # CONFIG_EVM_LOAD_X509 is not set -# CONFIG_DEFAULT_SECURITY_SELINUX is not set -# CONFIG_DEFAULT_SECURITY_SMACK is not set -CONFIG_DEFAULT_SECURITY_APPARMOR=y -# CONFIG_DEFAULT_SECURITY_DAC is not set -CONFIG_DEFAULT_SECURITY="apparmor" +CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" CONFIG_XOR_BLOCKS=y CONFIG_ASYNC_CORE=y CONFIG_ASYNC_MEMCPY=y @@ -5967,7 +5978,6 @@ CONFIG_FRAME_WARN=2048 # CONFIG_STRIP_ASM_SYMS is not set # CONFIG_READABLE_ASM is not set # CONFIG_UNUSED_SYMBOLS is not set -# CONFIG_PAGE_OWNER is not set CONFIG_DEBUG_FS=y # CONFIG_HEADERS_CHECK is not set # CONFIG_DEBUG_SECTION_MISMATCH is not set @@ -5985,6 +5995,7 @@ CONFIG_DEBUG_KERNEL=y # CONFIG_PAGE_EXTENSION=y # CONFIG_DEBUG_PAGEALLOC is not set +# CONFIG_PAGE_OWNER is not set CONFIG_PAGE_POISONING=y CONFIG_PAGE_POISONING_NO_SANITY=y # CONFIG_PAGE_POISONING_ZERO is not set 
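Review bot: `CONFIG_SECURITY_TOMOYO=y` is turned on with the userspace loader kept (`CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init"`, `CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER` not set), so whether TOMOYO ever leaves its disabled state depends on the test image, not on this config. As far as I know, TOMOYO skips activation when the loader binary is missing at the time `/sbin/init` is executed; the hooks would then be compiled in but the policy-handling paths would stay unexercised. If the images do not ship tomoyo-init, either add it or record the expectation next to the manually added options at the top of the file, e.g. `# TOMOYO: built in; inactive unless the image provides /sbin/tomoyo-init`.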
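Review bot: The new `CONFIG_LSM` string in the `@@ -5598,11 +5613,7 @@` hunk lists `selinux` ahead of `smack` and `apparmor`, while the removed lines made AppArmor the built-in default (`CONFIG_DEFAULT_SECURITY="apparmor"`). A boot that passes neither `security=` nor `lsm=` would therefore presumably come up with SELinux as the exclusive module on linux-next and AppArmor on mainline. The commit message relies on the security cmdline arguments, so this only affects an instance that omits them; it is worth confirming that every instance sets one. If the old default should survive, list AppArmor first among the exclusive modules: `CONFIG_LSM="yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo"`. The string also names `loadpin` although `# CONFIG_SECURITY_LOADPIN is not set` appears in the same file, so that entry is most likely a no-op here.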
@@ -6016,7 +6027,6 @@ CONFIG_HAVE_ARCH_KASAN=y CONFIG_CC_HAS_KASAN_GENERIC=y CONFIG_KASAN=y CONFIG_KASAN_GENERIC=y -CONFIG_KASAN_EXTRA=y # CONFIG_KASAN_OUTLINE is not set CONFIG_KASAN_INLINE=y # CONFIG_TEST_KASAN is not set @@ -6159,6 +6169,7 @@ CONFIG_HAVE_ARCH_KGDB=y # CONFIG_KGDB is not set CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y # CONFIG_UBSAN is not set +CONFIG_UBSAN_ALIGNMENT=y CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y CONFIG_STRICT_DEVMEM=y # CONFIG_IO_STRICT_DEVMEM is not set |
