config: add AppArmor, make both SELinux and AppArmor disabled by default

If the VM would want to use those mechanisms, it can always enable them. But do not confuse system without support for them with those mechanisms. This is especially for fedora-21-minimal template, which does not have script to disable SELinux, thus the template is unusable then.
2015-06-21 00:10:11 +02:00 · 2015-06-21 00:10:11 +02:00 · 3d25e69812
commit 3d25e69812
parent 0adbe73ad8
1 changed files with 12 additions and 9 deletions
--- a/21
+++ b/21
@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.18.9 Kernel Configuration
+# Linux/x86 3.18.10 Kernel Configuration
 #
 CONFIG_64BIT=y
 CONFIG_X86_64=y
@ -6274,7 +6274,7 @@ CONFIG_OPTIMIZE_INLINING=y
 #
 CONFIG_KEYS=y
 CONFIG_PERSISTENT_KEYRINGS=y
-CONFIG_BIG_KEYS=y
+# CONFIG_BIG_KEYS is not set
 CONFIG_TRUSTED_KEYS=m
 CONFIG_ENCRYPTED_KEYS=m
 CONFIG_KEYS_DEBUG_PROC_KEYS=y
@ -6283,12 +6283,12 @@ CONFIG_SECURITY=y
 CONFIG_SECURITYFS=y
 CONFIG_SECURITY_NETWORK=y
 CONFIG_SECURITY_NETWORK_XFRM=y
-# CONFIG_SECURITY_PATH is not set
+CONFIG_SECURITY_PATH=y
 CONFIG_INTEL_TXT=y
 CONFIG_LSM_MMAP_MIN_ADDR=65536
 CONFIG_SECURITY_SELINUX=y
 CONFIG_SECURITY_SELINUX_BOOTPARAM=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
+CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
 CONFIG_SECURITY_SELINUX_DISABLE=y
 CONFIG_SECURITY_SELINUX_DEVELOP=y
 CONFIG_SECURITY_SELINUX_AVC_STATS=y
@ -6296,12 +6296,15 @@ CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
 # CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set
 # CONFIG_SECURITY_SMACK is not set
 # CONFIG_SECURITY_TOMOYO is not set
-# CONFIG_SECURITY_APPARMOR is not set
+CONFIG_SECURITY_APPARMOR=y
+CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0
+CONFIG_SECURITY_APPARMOR_HASH=y
 # CONFIG_SECURITY_YAMA is not set
 # CONFIG_INTEGRITY is not set
-CONFIG_DEFAULT_SECURITY_SELINUX=y
-# CONFIG_DEFAULT_SECURITY_DAC is not set
-CONFIG_DEFAULT_SECURITY="selinux"
+# CONFIG_DEFAULT_SECURITY_SELINUX is not set
+# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
+CONFIG_DEFAULT_SECURITY_DAC=y
+CONFIG_DEFAULT_SECURITY=""
 CONFIG_XOR_BLOCKS=m
 CONFIG_ASYNC_CORE=m
 CONFIG_ASYNC_MEMCPY=m
@ -6510,7 +6513,7 @@ CONFIG_CRC32_SLICEBY8=y
 # CONFIG_CRC32_SLICEBY4 is not set
 # CONFIG_CRC32_SARWATE is not set
 # CONFIG_CRC32_BIT is not set
-# CONFIG_CRC7 is not set
+CONFIG_CRC7=m
 CONFIG_LIBCRC32C=m
 CONFIG_CRC8=m
 # CONFIG_AUDIT_ARCH_COMPAT_GENERIC is not set