From 3d25e698129a245d5b033757d1529be056b18b66 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Sun, 21 Jun 2015 00:10:11 +0200 Subject: [PATCH] config: add AppArmor, make both SELinux and AppArmor disabled by default If the VM would want to use those mechanisms, it can always enable them. But do not confuse system without support for them with those mechanisms. This is especially for fedora-21-minimal template, which does not have script to disable SELinux, thus the template is unusable then. --- config-pvops | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/config-pvops b/config-pvops index ffbe09f..5ab0332 100644 --- a/config-pvops +++ b/config-pvops @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.18.9 Kernel Configuration +# Linux/x86 3.18.10 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -6274,7 +6274,7 @@ CONFIG_OPTIMIZE_INLINING=y # CONFIG_KEYS=y CONFIG_PERSISTENT_KEYRINGS=y -CONFIG_BIG_KEYS=y +# CONFIG_BIG_KEYS is not set CONFIG_TRUSTED_KEYS=m CONFIG_ENCRYPTED_KEYS=m CONFIG_KEYS_DEBUG_PROC_KEYS=y @@ -6283,12 +6283,12 @@ CONFIG_SECURITY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_NETWORK_XFRM=y -# CONFIG_SECURITY_PATH is not set +CONFIG_SECURITY_PATH=y CONFIG_INTEL_TXT=y CONFIG_LSM_MMAP_MIN_ADDR=65536 CONFIG_SECURITY_SELINUX=y CONFIG_SECURITY_SELINUX_BOOTPARAM=y -CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1 +CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0 CONFIG_SECURITY_SELINUX_DISABLE=y CONFIG_SECURITY_SELINUX_DEVELOP=y CONFIG_SECURITY_SELINUX_AVC_STATS=y @@ -6296,12 +6296,15 @@ CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 # CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set # CONFIG_SECURITY_SMACK is not set # CONFIG_SECURITY_TOMOYO is not set -# CONFIG_SECURITY_APPARMOR is not set +CONFIG_SECURITY_APPARMOR=y +CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0 +CONFIG_SECURITY_APPARMOR_HASH=y # CONFIG_SECURITY_YAMA is not set # CONFIG_INTEGRITY is not set -CONFIG_DEFAULT_SECURITY_SELINUX=y -# CONFIG_DEFAULT_SECURITY_DAC is not set -CONFIG_DEFAULT_SECURITY="selinux" +# CONFIG_DEFAULT_SECURITY_SELINUX is not set +# CONFIG_DEFAULT_SECURITY_APPARMOR is not set +CONFIG_DEFAULT_SECURITY_DAC=y +CONFIG_DEFAULT_SECURITY="" CONFIG_XOR_BLOCKS=m CONFIG_ASYNC_CORE=m CONFIG_ASYNC_MEMCPY=m @@ -6510,7 +6513,7 @@ CONFIG_CRC32_SLICEBY8=y # CONFIG_CRC32_SLICEBY4 is not set # CONFIG_CRC32_SARWATE is not set # CONFIG_CRC32_BIT is not set -# CONFIG_CRC7 is not set +CONFIG_CRC7=m CONFIG_LIBCRC32C=m CONFIG_CRC8=m # CONFIG_AUDIT_ARCH_COMPAT_GENERIC is not set