From dabd7d07d0f403db2f1a1d13c26af5d5b5ce33a5 Mon Sep 17 00:00:00 2001 From: Aleksandr Nogikh Date: Tue, 27 Jun 2023 19:48:55 +0200 Subject: dashboard/config: enable EXT4_FS_SECURITY for SELinux --- dashboard/config/linux/bits/selinux.yml | 2 ++ dashboard/config/linux/upstream-arm-full-base.config | 2 +- dashboard/config/linux/upstream-arm-kasan-base.config | 2 +- dashboard/config/linux/upstream-arm-kasan.config | 2 +- dashboard/config/linux/upstream-arm64-kasan-base.config | 2 +- dashboard/config/linux/upstream-arm64-kasan.config | 2 +- 6 files changed, 7 insertions(+), 5 deletions(-) diff --git a/dashboard/config/linux/bits/selinux.yml b/dashboard/config/linux/bits/selinux.yml index 9eb2365a0..919e92140 100644 --- a/dashboard/config/linux/bits/selinux.yml +++ b/dashboard/config/linux/bits/selinux.yml @@ -8,4 +8,6 @@ config: - SECURITY_SELINUX_DEVELOP - SECURITY_SELINUX_DISABLE: n - DEFAULT_SECURITY_SELINUX + # Otherwise we get the "SELinux: (dev *, type ext4) has no security xattr handler" error. + - EXT4_FS_SECURITY - LSM: "landlock,lockdown,yama,safesetid,integrity,tomoyo,selinux,bpf" diff --git a/dashboard/config/linux/upstream-arm-full-base.config b/dashboard/config/linux/upstream-arm-full-base.config index f486a5fce..abd1d5676 100644 --- a/dashboard/config/linux/upstream-arm-full-base.config +++ b/dashboard/config/linux/upstream-arm-full-base.config @@ -3692,7 +3692,7 @@ CONFIG_EXT3_FS=y # CONFIG_EXT3_FS_SECURITY is not set CONFIG_EXT4_FS=y # CONFIG_EXT4_FS_POSIX_ACL is not set -# CONFIG_EXT4_FS_SECURITY is not set +CONFIG_EXT4_FS_SECURITY=y # CONFIG_EXT4_DEBUG is not set CONFIG_JBD2=y # CONFIG_JBD2_DEBUG is not set diff --git a/dashboard/config/linux/upstream-arm-kasan-base.config b/dashboard/config/linux/upstream-arm-kasan-base.config index b1ef1063c..682d89409 100644 --- a/dashboard/config/linux/upstream-arm-kasan-base.config +++ b/dashboard/config/linux/upstream-arm-kasan-base.config @@ -3689,7 +3689,7 @@ CONFIG_EXT2_FS=y # CONFIG_EXT3_FS is not set CONFIG_EXT4_FS=y # CONFIG_EXT4_FS_POSIX_ACL is not set -# CONFIG_EXT4_FS_SECURITY is not set +CONFIG_EXT4_FS_SECURITY=y # CONFIG_EXT4_DEBUG is not set CONFIG_JBD2=y # CONFIG_JBD2_DEBUG is not set diff --git a/dashboard/config/linux/upstream-arm-kasan.config b/dashboard/config/linux/upstream-arm-kasan.config index 5f2e5a4b4..96ace5071 100644 --- a/dashboard/config/linux/upstream-arm-kasan.config +++ b/dashboard/config/linux/upstream-arm-kasan.config @@ -6304,7 +6304,7 @@ CONFIG_EXT2_FS=y # CONFIG_EXT3_FS is not set CONFIG_EXT4_FS=y # CONFIG_EXT4_FS_POSIX_ACL is not set -# CONFIG_EXT4_FS_SECURITY is not set +CONFIG_EXT4_FS_SECURITY=y # CONFIG_EXT4_DEBUG is not set CONFIG_JBD2=y # CONFIG_JBD2_DEBUG is not set diff --git a/dashboard/config/linux/upstream-arm64-kasan-base.config b/dashboard/config/linux/upstream-arm64-kasan-base.config index 8088b0c7d..c3a37320c 100644 --- a/dashboard/config/linux/upstream-arm64-kasan-base.config +++ b/dashboard/config/linux/upstream-arm64-kasan-base.config @@ -5636,7 +5636,7 @@ CONFIG_EXT2_FS=y # CONFIG_EXT3_FS is not set CONFIG_EXT4_FS=y CONFIG_EXT4_FS_POSIX_ACL=y -# CONFIG_EXT4_FS_SECURITY is not set +CONFIG_EXT4_FS_SECURITY=y # CONFIG_EXT4_DEBUG is not set CONFIG_JBD2=y # CONFIG_JBD2_DEBUG is not set diff --git a/dashboard/config/linux/upstream-arm64-kasan.config b/dashboard/config/linux/upstream-arm64-kasan.config index 02c836536..7479a0ab6 100644 --- a/dashboard/config/linux/upstream-arm64-kasan.config +++ b/dashboard/config/linux/upstream-arm64-kasan.config @@ -6057,7 +6057,7 @@ CONFIG_EXT2_FS=y # CONFIG_EXT3_FS is not set CONFIG_EXT4_FS=y CONFIG_EXT4_FS_POSIX_ACL=y -# CONFIG_EXT4_FS_SECURITY is not set +CONFIG_EXT4_FS_SECURITY=y # CONFIG_EXT4_DEBUG is not set CONFIG_JBD2=y # CONFIG_JBD2_DEBUG is not set -- cgit mrf-deployment