diff options
| author | Aleksandr Nogikh <nogikh@google.com> | 2022-03-18 14:39:25 +0000 |
|---|---|---|
| committer | Aleksandr Nogikh <wp32pw@gmail.com> | 2022-04-06 17:14:45 +0200 |
| commit | 71a2f2b60713b8c94deaea628f6a25ad6c119eca (patch) | |
| tree | c7a2c339361f5cfbd734027896c87a45899d8df8 /dashboard/config/linux | |
| parent | 4b123ad18ec48ee662dfb0aa6f2bc00c6d4e4635 (diff) | |
dashboard/config: enable SECURITY_SELINUX_DEVELOP
This option enables the "enforcing=?" option (at least), which
simplifies SELINUX configuration.
Diffstat (limited to 'dashboard/config/linux')
7 files changed, 7 insertions, 6 deletions
diff --git a/dashboard/config/linux/bits/selinux.yml b/dashboard/config/linux/bits/selinux.yml index 9438fbb28..9eb2365a0 100644 --- a/dashboard/config/linux/bits/selinux.yml +++ b/dashboard/config/linux/bits/selinux.yml @@ -5,6 +5,7 @@ config: - SECURITY_APPARMOR: n - SECURITY_SMACK: n - SECURITY_SELINUX + - SECURITY_SELINUX_DEVELOP - SECURITY_SELINUX_DISABLE: n - DEFAULT_SECURITY_SELINUX - LSM: "landlock,lockdown,yama,safesetid,integrity,tomoyo,selinux,bpf" diff --git a/dashboard/config/linux/upstream-arm-full-base.config b/dashboard/config/linux/upstream-arm-full-base.config index 7b14846b8..0360b35ef 100644 --- a/dashboard/config/linux/upstream-arm-full-base.config +++ b/dashboard/config/linux/upstream-arm-full-base.config @@ -3871,7 +3871,7 @@ CONFIG_FORTIFY_SOURCE=y CONFIG_SECURITY_SELINUX=y # CONFIG_SECURITY_SELINUX_BOOTPARAM is not set # CONFIG_SECURITY_SELINUX_DISABLE is not set -# CONFIG_SECURITY_SELINUX_DEVELOP is not set +CONFIG_SECURITY_SELINUX_DEVELOP=y # CONFIG_SECURITY_SELINUX_AVC_STATS is not set CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 diff --git a/dashboard/config/linux/upstream-arm-full.config b/dashboard/config/linux/upstream-arm-full.config index dc5272b0a..e56c40862 100644 --- a/dashboard/config/linux/upstream-arm-full.config +++ b/dashboard/config/linux/upstream-arm-full.config @@ -7799,7 +7799,7 @@ CONFIG_FORTIFY_SOURCE=y CONFIG_SECURITY_SELINUX=y # CONFIG_SECURITY_SELINUX_BOOTPARAM is not set # CONFIG_SECURITY_SELINUX_DISABLE is not set -# CONFIG_SECURITY_SELINUX_DEVELOP is not set +CONFIG_SECURITY_SELINUX_DEVELOP=y # CONFIG_SECURITY_SELINUX_AVC_STATS is not set CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 diff --git a/dashboard/config/linux/upstream-arm-kasan-base.config b/dashboard/config/linux/upstream-arm-kasan-base.config index 7ba9c2b5f..1104a4834 100644 --- a/dashboard/config/linux/upstream-arm-kasan-base.config +++ b/dashboard/config/linux/upstream-arm-kasan-base.config @@ -3816,7 +3816,7 @@ CONFIG_FORTIFY_SOURCE=y CONFIG_SECURITY_SELINUX=y # CONFIG_SECURITY_SELINUX_BOOTPARAM is not set # CONFIG_SECURITY_SELINUX_DISABLE is not set -# CONFIG_SECURITY_SELINUX_DEVELOP is not set +CONFIG_SECURITY_SELINUX_DEVELOP=y # CONFIG_SECURITY_SELINUX_AVC_STATS is not set CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 diff --git a/dashboard/config/linux/upstream-arm-kasan.config b/dashboard/config/linux/upstream-arm-kasan.config index 5e5c11cad..df7380143 100644 --- a/dashboard/config/linux/upstream-arm-kasan.config +++ b/dashboard/config/linux/upstream-arm-kasan.config @@ -6441,7 +6441,7 @@ CONFIG_FORTIFY_SOURCE=y CONFIG_SECURITY_SELINUX=y # CONFIG_SECURITY_SELINUX_BOOTPARAM is not set # CONFIG_SECURITY_SELINUX_DISABLE is not set -# CONFIG_SECURITY_SELINUX_DEVELOP is not set +CONFIG_SECURITY_SELINUX_DEVELOP=y # CONFIG_SECURITY_SELINUX_AVC_STATS is not set CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 diff --git a/dashboard/config/linux/upstream-arm64-kasan-base.config b/dashboard/config/linux/upstream-arm64-kasan-base.config index 537004fa8..df61db7ae 100644 --- a/dashboard/config/linux/upstream-arm64-kasan-base.config +++ b/dashboard/config/linux/upstream-arm64-kasan-base.config @@ -5683,7 +5683,7 @@ CONFIG_FORTIFY_SOURCE=y CONFIG_SECURITY_SELINUX=y # CONFIG_SECURITY_SELINUX_BOOTPARAM is not set # CONFIG_SECURITY_SELINUX_DISABLE is not set -# CONFIG_SECURITY_SELINUX_DEVELOP is not set +CONFIG_SECURITY_SELINUX_DEVELOP=y # CONFIG_SECURITY_SELINUX_AVC_STATS is not set CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 diff --git a/dashboard/config/linux/upstream-arm64-kasan.config b/dashboard/config/linux/upstream-arm64-kasan.config index 8fc45529e..4aff21532 100644 --- a/dashboard/config/linux/upstream-arm64-kasan.config +++ b/dashboard/config/linux/upstream-arm64-kasan.config @@ -6131,7 +6131,7 @@ CONFIG_FORTIFY_SOURCE=y CONFIG_SECURITY_SELINUX=y # CONFIG_SECURITY_SELINUX_BOOTPARAM is not set # CONFIG_SECURITY_SELINUX_DISABLE is not set -# CONFIG_SECURITY_SELINUX_DEVELOP is not set +CONFIG_SECURITY_SELINUX_DEVELOP=y # CONFIG_SECURITY_SELINUX_AVC_STATS is not set CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 |