From d018dd31bfa66650daec4d49dc7b264a827e7834 Mon Sep 17 00:00:00 2001 From: Dmitry Vyukov Date: Tue, 14 Dec 2021 11:09:26 +0100 Subject: dashboard/config/linux: reduce tomoyo learning quota High values of CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY cause significant slowdown (see issue #2892). Reduce the value. Fixes #2892 --- dashboard/config/linux/bits/lsm.yml | 3 ++- dashboard/config/linux/stable-5.4-kasan-base.config | 2 +- dashboard/config/linux/stable-5.4-kasan.config | 2 +- dashboard/config/linux/upstream-apparmor-kasan-base.config | 2 +- dashboard/config/linux/upstream-apparmor-kasan.config | 2 +- dashboard/config/linux/upstream-arm-kasan-base.config | 2 +- dashboard/config/linux/upstream-arm-kasan.config | 2 +- dashboard/config/linux/upstream-arm64-kasan-base.config | 2 +- dashboard/config/linux/upstream-arm64-kasan.config | 2 +- dashboard/config/linux/upstream-arm64-mte-base.config | 2 +- dashboard/config/linux/upstream-arm64-mte.config | 2 +- dashboard/config/linux/upstream-kmsan-base.config | 2 +- dashboard/config/linux/upstream-kmsan.config | 2 +- dashboard/config/linux/upstream-leak-base.config | 2 +- dashboard/config/linux/upstream-leak.config | 2 +- dashboard/config/linux/upstream-riscv64-kasan-base.config | 2 +- dashboard/config/linux/upstream-riscv64-kasan.config | 2 +- dashboard/config/linux/upstream-s390-kasan-base.config | 2 +- dashboard/config/linux/upstream-s390-kasan.config | 2 +- dashboard/config/linux/upstream-selinux-kasan-base.config | 2 +- dashboard/config/linux/upstream-selinux-kasan.config | 2 +- dashboard/config/linux/upstream-smack-kasan-base.config | 2 +- dashboard/config/linux/upstream-smack-kasan.config | 2 +- dashboard/config/linux/upstream-usb-base.config | 2 +- dashboard/config/linux/upstream-usb.config | 2 +- 25 files changed, 26 insertions(+), 25 deletions(-) (limited to 'dashboard') diff --git a/dashboard/config/linux/bits/lsm.yml b/dashboard/config/linux/bits/lsm.yml index 0c62be4ba..72996b437 100644 --- a/dashboard/config/linux/bits/lsm.yml +++ b/dashboard/config/linux/bits/lsm.yml @@ -9,7 +9,8 @@ config: - SECURITY_INFINIBAND: [optional] - SECURITY_TOMOYO - - SECURITY_TOMOYO_MAX_ACCEPT_ENTRY: 1024 + # The default setting of 1024 causes significant slowdown (see issue #2892). + - SECURITY_TOMOYO_MAX_ACCEPT_ENTRY: 64 - SECURITY_TOMOYO_MAX_AUDIT_LOG: 32 - SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING - SECURITY_YAMA diff --git a/dashboard/config/linux/stable-5.4-kasan-base.config b/dashboard/config/linux/stable-5.4-kasan-base.config index 0af9865d7..b19486940 100644 --- a/dashboard/config/linux/stable-5.4-kasan-base.config +++ b/dashboard/config/linux/stable-5.4-kasan-base.config @@ -4370,7 +4370,7 @@ CONFIG_FORTIFY_SOURCE=y # CONFIG_SECURITY_SELINUX is not set # CONFIG_SECURITY_SMACK is not set CONFIG_SECURITY_TOMOYO=y -CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=1024 +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=64 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=32 CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING=y diff --git a/dashboard/config/linux/stable-5.4-kasan.config b/dashboard/config/linux/stable-5.4-kasan.config index 43aa14cc8..ad41f3c68 100644 --- a/dashboard/config/linux/stable-5.4-kasan.config +++ b/dashboard/config/linux/stable-5.4-kasan.config @@ -7443,7 +7443,7 @@ CONFIG_FORTIFY_SOURCE=y # CONFIG_SECURITY_SELINUX is not set # CONFIG_SECURITY_SMACK is not set CONFIG_SECURITY_TOMOYO=y -CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=1024 +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=64 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=32 CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING=y diff --git a/dashboard/config/linux/upstream-apparmor-kasan-base.config b/dashboard/config/linux/upstream-apparmor-kasan-base.config index 2b019d2f5..604164db9 100644 --- a/dashboard/config/linux/upstream-apparmor-kasan-base.config +++ b/dashboard/config/linux/upstream-apparmor-kasan-base.config @@ -4512,7 +4512,7 @@ CONFIG_FORTIFY_SOURCE=y # CONFIG_SECURITY_SELINUX is not set # CONFIG_SECURITY_SMACK is not set CONFIG_SECURITY_TOMOYO=y -CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=1024 +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=64 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=32 CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING=y diff --git a/dashboard/config/linux/upstream-apparmor-kasan.config b/dashboard/config/linux/upstream-apparmor-kasan.config index 8106a91fe..57e23a9f3 100644 --- a/dashboard/config/linux/upstream-apparmor-kasan.config +++ b/dashboard/config/linux/upstream-apparmor-kasan.config @@ -7970,7 +7970,7 @@ CONFIG_FORTIFY_SOURCE=y # CONFIG_SECURITY_SELINUX is not set # CONFIG_SECURITY_SMACK is not set CONFIG_SECURITY_TOMOYO=y -CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=1024 +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=64 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=32 CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING=y diff --git a/dashboard/config/linux/upstream-arm-kasan-base.config b/dashboard/config/linux/upstream-arm-kasan-base.config index 219eed213..4c60a9353 100644 --- a/dashboard/config/linux/upstream-arm-kasan-base.config +++ b/dashboard/config/linux/upstream-arm-kasan-base.config @@ -3754,7 +3754,7 @@ CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256 # CONFIG_SECURITY_SMACK is not set CONFIG_SECURITY_TOMOYO=y -CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=1024 +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=64 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=32 CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING=y diff --git a/dashboard/config/linux/upstream-arm-kasan.config b/dashboard/config/linux/upstream-arm-kasan.config index eb0dc19e1..de9a4394a 100644 --- a/dashboard/config/linux/upstream-arm-kasan.config +++ b/dashboard/config/linux/upstream-arm-kasan.config @@ -6337,7 +6337,7 @@ CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256 # CONFIG_SECURITY_SMACK is not set CONFIG_SECURITY_TOMOYO=y -CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=1024 +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=64 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=32 CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING=y diff --git a/dashboard/config/linux/upstream-arm64-kasan-base.config b/dashboard/config/linux/upstream-arm64-kasan-base.config index d243e05e7..d02c37033 100644 --- a/dashboard/config/linux/upstream-arm64-kasan-base.config +++ b/dashboard/config/linux/upstream-arm64-kasan-base.config @@ -5566,7 +5566,7 @@ CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256 # CONFIG_SECURITY_SMACK is not set CONFIG_SECURITY_TOMOYO=y -CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=1024 +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=64 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=32 CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING=y diff --git a/dashboard/config/linux/upstream-arm64-kasan.config b/dashboard/config/linux/upstream-arm64-kasan.config index 9ccc20948..a20ab89aa 100644 --- a/dashboard/config/linux/upstream-arm64-kasan.config +++ b/dashboard/config/linux/upstream-arm64-kasan.config @@ -6027,7 +6027,7 @@ CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256 # CONFIG_SECURITY_SMACK is not set CONFIG_SECURITY_TOMOYO=y -CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=1024 +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=64 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=32 CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING=y diff --git a/dashboard/config/linux/upstream-arm64-mte-base.config b/dashboard/config/linux/upstream-arm64-mte-base.config index 2dac7d6fb..f29d82ab0 100644 --- a/dashboard/config/linux/upstream-arm64-mte-base.config +++ b/dashboard/config/linux/upstream-arm64-mte-base.config @@ -5547,7 +5547,7 @@ CONFIG_SECURITY_SMACK=y # CONFIG_SECURITY_SMACK_BRINGUP is not set # CONFIG_SECURITY_SMACK_APPEND_SIGNALS is not set CONFIG_SECURITY_TOMOYO=y -CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=1024 +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=64 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=32 CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING=y diff --git a/dashboard/config/linux/upstream-arm64-mte.config b/dashboard/config/linux/upstream-arm64-mte.config index 561ddcd22..f1997602a 100644 --- a/dashboard/config/linux/upstream-arm64-mte.config +++ b/dashboard/config/linux/upstream-arm64-mte.config @@ -6011,7 +6011,7 @@ CONFIG_SECURITY_SMACK=y CONFIG_SECURITY_SMACK_NETFILTER=y # CONFIG_SECURITY_SMACK_APPEND_SIGNALS is not set CONFIG_SECURITY_TOMOYO=y -CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=1024 +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=64 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=32 CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING=y diff --git a/dashboard/config/linux/upstream-kmsan-base.config b/dashboard/config/linux/upstream-kmsan-base.config index 349795cc5..f82944254 100644 --- a/dashboard/config/linux/upstream-kmsan-base.config +++ b/dashboard/config/linux/upstream-kmsan-base.config @@ -4421,7 +4421,7 @@ CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y # CONFIG_SECURITY_SELINUX is not set # CONFIG_SECURITY_SMACK is not set CONFIG_SECURITY_TOMOYO=y -CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=1024 +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=64 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=32 CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING=y diff --git a/dashboard/config/linux/upstream-kmsan.config b/dashboard/config/linux/upstream-kmsan.config index f14f5eabf..5560f0b42 100644 --- a/dashboard/config/linux/upstream-kmsan.config +++ b/dashboard/config/linux/upstream-kmsan.config @@ -7744,7 +7744,7 @@ CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y # CONFIG_SECURITY_SELINUX is not set # CONFIG_SECURITY_SMACK is not set CONFIG_SECURITY_TOMOYO=y -CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=1024 +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=64 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=32 CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING=y diff --git a/dashboard/config/linux/upstream-leak-base.config b/dashboard/config/linux/upstream-leak-base.config index 1d6fe1593..d5511b41d 100644 --- a/dashboard/config/linux/upstream-leak-base.config +++ b/dashboard/config/linux/upstream-leak-base.config @@ -4476,7 +4476,7 @@ CONFIG_FORTIFY_SOURCE=y # CONFIG_SECURITY_SELINUX is not set # CONFIG_SECURITY_SMACK is not set CONFIG_SECURITY_TOMOYO=y -CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=1024 +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=64 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=32 CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING=y diff --git a/dashboard/config/linux/upstream-leak.config b/dashboard/config/linux/upstream-leak.config index 556471c9a..28c123bfd 100644 --- a/dashboard/config/linux/upstream-leak.config +++ b/dashboard/config/linux/upstream-leak.config @@ -7939,7 +7939,7 @@ CONFIG_FORTIFY_SOURCE=y # CONFIG_SECURITY_SELINUX is not set # CONFIG_SECURITY_SMACK is not set CONFIG_SECURITY_TOMOYO=y -CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=1024 +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=64 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=32 CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING=y diff --git a/dashboard/config/linux/upstream-riscv64-kasan-base.config b/dashboard/config/linux/upstream-riscv64-kasan-base.config index 6d7f9f062..2acfa632f 100644 --- a/dashboard/config/linux/upstream-riscv64-kasan-base.config +++ b/dashboard/config/linux/upstream-riscv64-kasan-base.config @@ -3161,7 +3161,7 @@ CONFIG_HARDENED_USERCOPY=y # CONFIG_SECURITY_SELINUX is not set # CONFIG_SECURITY_SMACK is not set CONFIG_SECURITY_TOMOYO=y -CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=1024 +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=64 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=32 CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING=y diff --git a/dashboard/config/linux/upstream-riscv64-kasan.config b/dashboard/config/linux/upstream-riscv64-kasan.config index 4c40a55e7..43e5d01df 100644 --- a/dashboard/config/linux/upstream-riscv64-kasan.config +++ b/dashboard/config/linux/upstream-riscv64-kasan.config @@ -5776,7 +5776,7 @@ CONFIG_HARDENED_USERCOPY=y # CONFIG_SECURITY_SELINUX is not set # CONFIG_SECURITY_SMACK is not set CONFIG_SECURITY_TOMOYO=y -CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=1024 +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=64 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=32 CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING=y diff --git a/dashboard/config/linux/upstream-s390-kasan-base.config b/dashboard/config/linux/upstream-s390-kasan-base.config index 0ef21e68a..86367e3eb 100644 --- a/dashboard/config/linux/upstream-s390-kasan-base.config +++ b/dashboard/config/linux/upstream-s390-kasan-base.config @@ -2611,7 +2611,7 @@ CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256 # CONFIG_SECURITY_SMACK is not set CONFIG_SECURITY_TOMOYO=y -CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=1024 +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=64 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=32 CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING=y diff --git a/dashboard/config/linux/upstream-s390-kasan.config b/dashboard/config/linux/upstream-s390-kasan.config index 61cf96c8f..9bf8471eb 100644 --- a/dashboard/config/linux/upstream-s390-kasan.config +++ b/dashboard/config/linux/upstream-s390-kasan.config @@ -5675,7 +5675,7 @@ CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256 # CONFIG_SECURITY_SMACK is not set CONFIG_SECURITY_TOMOYO=y -CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=1024 +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=64 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=32 CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING=y diff --git a/dashboard/config/linux/upstream-selinux-kasan-base.config b/dashboard/config/linux/upstream-selinux-kasan-base.config index caad3cf2a..3a30dcac1 100644 --- a/dashboard/config/linux/upstream-selinux-kasan-base.config +++ b/dashboard/config/linux/upstream-selinux-kasan-base.config @@ -4517,7 +4517,7 @@ CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256 # CONFIG_SECURITY_SMACK is not set CONFIG_SECURITY_TOMOYO=y -CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=1024 +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=64 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=32 CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING=y diff --git a/dashboard/config/linux/upstream-selinux-kasan.config b/dashboard/config/linux/upstream-selinux-kasan.config index 9b7d5a753..dd60eedfb 100644 --- a/dashboard/config/linux/upstream-selinux-kasan.config +++ b/dashboard/config/linux/upstream-selinux-kasan.config @@ -7972,7 +7972,7 @@ CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256 # CONFIG_SECURITY_SMACK is not set CONFIG_SECURITY_TOMOYO=y -CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=1024 +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=64 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=32 CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING=y diff --git a/dashboard/config/linux/upstream-smack-kasan-base.config b/dashboard/config/linux/upstream-smack-kasan-base.config index c5de82028..8a0639f45 100644 --- a/dashboard/config/linux/upstream-smack-kasan-base.config +++ b/dashboard/config/linux/upstream-smack-kasan-base.config @@ -4513,7 +4513,7 @@ CONFIG_SECURITY_SMACK=y # CONFIG_SECURITY_SMACK_NETFILTER is not set # CONFIG_SECURITY_SMACK_APPEND_SIGNALS is not set CONFIG_SECURITY_TOMOYO=y -CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=1024 +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=64 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=32 CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING=y diff --git a/dashboard/config/linux/upstream-smack-kasan.config b/dashboard/config/linux/upstream-smack-kasan.config index 881b553d2..da6583a97 100644 --- a/dashboard/config/linux/upstream-smack-kasan.config +++ b/dashboard/config/linux/upstream-smack-kasan.config @@ -7971,7 +7971,7 @@ CONFIG_SECURITY_SMACK=y CONFIG_SECURITY_SMACK_NETFILTER=y # CONFIG_SECURITY_SMACK_APPEND_SIGNALS is not set CONFIG_SECURITY_TOMOYO=y -CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=1024 +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=64 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=32 CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING=y diff --git a/dashboard/config/linux/upstream-usb-base.config b/dashboard/config/linux/upstream-usb-base.config index 677ce5e15..022e2dae6 100644 --- a/dashboard/config/linux/upstream-usb-base.config +++ b/dashboard/config/linux/upstream-usb-base.config @@ -4535,7 +4535,7 @@ CONFIG_FORTIFY_SOURCE=y # CONFIG_SECURITY_SELINUX is not set # CONFIG_SECURITY_SMACK is not set CONFIG_SECURITY_TOMOYO=y -CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=1024 +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=64 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=32 CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING=y diff --git a/dashboard/config/linux/upstream-usb.config b/dashboard/config/linux/upstream-usb.config index 63285410b..3fd9fb4f8 100644 --- a/dashboard/config/linux/upstream-usb.config +++ b/dashboard/config/linux/upstream-usb.config @@ -7080,7 +7080,7 @@ CONFIG_FORTIFY_SOURCE=y # CONFIG_SECURITY_SELINUX is not set # CONFIG_SECURITY_SMACK is not set CONFIG_SECURITY_TOMOYO=y -CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=1024 +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=64 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=32 CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER=y CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING=y -- cgit mrf-deployment