Skip to content

Commit

Permalink
configs: Include AppArmor support
Browse files Browse the repository at this point in the history 
AppArmor security has been a long-requested feature. This commit
adds the config settings necessary to allow it to be enabled at boot
time using the kernel command line (cmdline.txt) - just include:

    lsm="apparmor"

The commit also includes a few settings to give better control over
processes or containers.

See: #1698

Signed-off-by: Jean-Christophe Berthon <jcberthon@users.noreply.github.com>
Signed-off-by: Phil Elwell <phil@raspberrypi.com>
  • Loading branch information
@pelwell @popcornmix
pelwell authored and popcornmix committed Oct 16, 2020
1 parent 3966602 commit 7539687
Show file tree
Hide file tree
Showing 5 changed files with 32 additions and 3 deletions.
7 changes: 6 additions & 1 deletion arch/arm/configs/bcm2709_defconfig
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,11 +16,13 @@ CONFIG_IKCONFIG=m
CONFIG_IKCONFIG_PROC=y
CONFIG_MEMCG=y
CONFIG_BLK_CGROUP=y
CONFIG_CFS_BANDWIDTH=y
CONFIG_CGROUP_PIDS=y
CONFIG_CGROUP_FREEZER=y
CONFIG_CPUSETS=y
CONFIG_CGROUP_DEVICE=y
CONFIG_CGROUP_CPUACCT=y
CONFIG_CGROUP_PERF=y
CONFIG_CGROUP_BPF=y
CONFIG_NAMESPACES=y
CONFIG_USER_NS=y
Expand Down Expand Up @@ -390,6 +392,7 @@ CONFIG_NET_ACT_SKBEDIT=m
CONFIG_NET_ACT_CSUM=m
CONFIG_BATMAN_ADV=m
CONFIG_OPENVSWITCH=m
CONFIG_CGROUP_NET_PRIO=y
CONFIG_NET_PKTGEN=m
CONFIG_HAMRADIO=y
CONFIG_AX25=m
Expand Down Expand Up @@ -1429,7 +1432,9 @@ CONFIG_NLS_ISO8859_15=m
CONFIG_NLS_KOI8_R=m
CONFIG_NLS_KOI8_U=m
CONFIG_DLM=m
# CONFIG_SECURITYFS is not set
CONFIG_SECURITY=y
CONFIG_SECURITY_APPARMOR=y
CONFIG_LSM=""
CONFIG_CRYPTO_USER=m
CONFIG_CRYPTO_XCBC=m
CONFIG_CRYPTO_TGR192=m
Expand Down
6 changes: 6 additions & 0 deletions arch/arm/configs/bcm2711_defconfig
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,11 +16,13 @@ CONFIG_IKCONFIG=m
CONFIG_IKCONFIG_PROC=y
CONFIG_MEMCG=y
CONFIG_BLK_CGROUP=y
CONFIG_CFS_BANDWIDTH=y
CONFIG_CGROUP_PIDS=y
CONFIG_CGROUP_FREEZER=y
CONFIG_CPUSETS=y
CONFIG_CGROUP_DEVICE=y
CONFIG_CGROUP_CPUACCT=y
CONFIG_CGROUP_PERF=y
CONFIG_CGROUP_BPF=y
CONFIG_NAMESPACES=y
CONFIG_USER_NS=y
Expand Down Expand Up @@ -390,6 +392,7 @@ CONFIG_NET_ACT_SKBEDIT=m
CONFIG_NET_ACT_CSUM=m
CONFIG_BATMAN_ADV=m
CONFIG_OPENVSWITCH=m
CONFIG_CGROUP_NET_PRIO=y
CONFIG_NET_PKTGEN=m
CONFIG_HAMRADIO=y
CONFIG_AX25=m
Expand Down Expand Up @@ -1462,6 +1465,9 @@ CONFIG_NLS_ISO8859_15=m
CONFIG_NLS_KOI8_R=m
CONFIG_NLS_KOI8_U=m
CONFIG_DLM=m
CONFIG_SECURITY=y
CONFIG_SECURITY_APPARMOR=y
CONFIG_LSM=""
CONFIG_CRYPTO_USER=m
CONFIG_CRYPTO_XCBC=m
CONFIG_CRYPTO_TGR192=m
Expand Down
8 changes: 7 additions & 1 deletion arch/arm/configs/bcmrpi_defconfig
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,9 +15,12 @@ CONFIG_IKCONFIG=m
CONFIG_IKCONFIG_PROC=y
CONFIG_MEMCG=y
CONFIG_BLK_CGROUP=y
CONFIG_CFS_BANDWIDTH=y
CONFIG_CGROUP_PIDS=y
CONFIG_CGROUP_FREEZER=y
CONFIG_CGROUP_DEVICE=y
CONFIG_CGROUP_CPUACCT=y
CONFIG_CGROUP_PERF=y
CONFIG_CGROUP_BPF=y
CONFIG_NAMESPACES=y
CONFIG_USER_NS=y
Expand Down Expand Up @@ -383,6 +386,7 @@ CONFIG_NET_ACT_SKBEDIT=m
CONFIG_NET_ACT_CSUM=m
CONFIG_BATMAN_ADV=m
CONFIG_OPENVSWITCH=m
CONFIG_CGROUP_NET_PRIO=y
CONFIG_NET_PKTGEN=m
CONFIG_HAMRADIO=y
CONFIG_AX25=m
Expand Down Expand Up @@ -1437,7 +1441,9 @@ CONFIG_NLS_ISO8859_15=m
CONFIG_NLS_KOI8_R=m
CONFIG_NLS_KOI8_U=m
CONFIG_DLM=m
# CONFIG_SECURITYFS is not set
CONFIG_SECURITY=y
CONFIG_SECURITY_APPARMOR=y
CONFIG_LSM=""
CONFIG_CRYPTO_USER=m
CONFIG_CRYPTO_CRYPTD=m
CONFIG_CRYPTO_CBC=y
Expand Down
6 changes: 6 additions & 0 deletions arch/arm64/configs/bcm2711_defconfig
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,11 +14,13 @@ CONFIG_IKCONFIG=m
CONFIG_IKCONFIG_PROC=y
CONFIG_MEMCG=y
CONFIG_BLK_CGROUP=y
CONFIG_CFS_BANDWIDTH=y
CONFIG_CGROUP_PIDS=y
CONFIG_CGROUP_FREEZER=y
CONFIG_CPUSETS=y
CONFIG_CGROUP_DEVICE=y
CONFIG_CGROUP_CPUACCT=y
CONFIG_CGROUP_PERF=y
CONFIG_CGROUP_BPF=y
CONFIG_NAMESPACES=y
CONFIG_USER_NS=y
Expand Down Expand Up @@ -386,6 +388,7 @@ CONFIG_NET_ACT_SKBEDIT=m
CONFIG_NET_ACT_CSUM=m
CONFIG_BATMAN_ADV=m
CONFIG_OPENVSWITCH=m
CONFIG_CGROUP_NET_PRIO=y
CONFIG_NET_PKTGEN=m
CONFIG_HAMRADIO=y
CONFIG_AX25=m
Expand Down Expand Up @@ -1456,6 +1459,9 @@ CONFIG_NLS_ISO8859_15=m
CONFIG_NLS_KOI8_R=m
CONFIG_NLS_KOI8_U=m
CONFIG_DLM=m
CONFIG_SECURITY=y
CONFIG_SECURITY_APPARMOR=y
CONFIG_LSM=""
CONFIG_CRYPTO_USER=m
CONFIG_CRYPTO_XCBC=m
CONFIG_CRYPTO_TGR192=m
Expand Down
8 changes: 7 additions & 1 deletion arch/arm64/configs/bcmrpi3_defconfig
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,10 +15,13 @@ CONFIG_IKCONFIG=m
CONFIG_IKCONFIG_PROC=y
CONFIG_MEMCG=y
CONFIG_BLK_CGROUP=y
CONFIG_CFS_BANDWIDTH=y
CONFIG_CGROUP_PIDS=y
CONFIG_CGROUP_FREEZER=y
CONFIG_CPUSETS=y
CONFIG_CGROUP_DEVICE=y
CONFIG_CGROUP_CPUACCT=y
CONFIG_CGROUP_PERF=y
CONFIG_CGROUP_BPF=y
CONFIG_NAMESPACES=y
CONFIG_USER_NS=y
Expand Down Expand Up @@ -382,6 +385,7 @@ CONFIG_NET_ACT_SKBEDIT=m
CONFIG_NET_ACT_CSUM=m
CONFIG_BATMAN_ADV=m
CONFIG_OPENVSWITCH=m
CONFIG_CGROUP_NET_PRIO=y
CONFIG_NET_PKTGEN=m
CONFIG_HAMRADIO=y
CONFIG_AX25=m
Expand Down Expand Up @@ -1307,7 +1311,9 @@ CONFIG_NLS_ISO8859_15=m
CONFIG_NLS_KOI8_R=m
CONFIG_NLS_KOI8_U=m
CONFIG_DLM=m
# CONFIG_SECURITYFS is not set
CONFIG_SECURITY=y
CONFIG_SECURITY_APPARMOR=y
CONFIG_LSM=""
CONFIG_CRYPTO_USER=m
CONFIG_CRYPTO_XCBC=m
CONFIG_CRYPTO_TGR192=m
Expand Down

0 comments on commit 7539687

Please sign in to comment.