From patchwork Fri Jul 31 20:40:52 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adam Duskett X-Patchwork-Id: 1339591 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=Q/JzhRqt; dkim-atps=neutral Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BJK1n48d8z9sRW for ; Sat, 1 Aug 2020 06:41:16 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 52CCC20455; Fri, 31 Jul 2020 20:41:12 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JXIj2PHRAajq; Fri, 31 Jul 2020 20:41:10 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by silver.osuosl.org (Postfix) with ESMTP id 75DB0204B5; Fri, 31 Jul 2020 20:41:09 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id 409F31BF4DB for ; Fri, 31 Jul 2020 20:41:08 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 22DE988378 for ; Fri, 31 Jul 2020 20:41:08 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h2unWO3Ld0yT for ; Fri, 31 Jul 2020 20:41:06 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-pg1-f195.google.com (mail-pg1-f195.google.com [209.85.215.195]) by whitealder.osuosl.org (Postfix) with ESMTPS id E231E88376 for ; Fri, 31 Jul 2020 20:41:06 +0000 (UTC) Received: by mail-pg1-f195.google.com with SMTP id k27so16641787pgm.2 for ; Fri, 31 Jul 2020 13:41:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=oH5u8CFcMR0aTtXSSbyRQe5xCcYReuD1wNIqB9wbtM0=; b=Q/JzhRqtsWpRto4TvYGosboPrKJI/mTpv/dytfC59Zt3PiCY4IIfj1mAytvQkEFChO sBob556x0AceC3pNmRZNWkxvYNPmbXNTaFm/Ve14dEoYm0e6i4oUT+ox81Nsxs4Mby+h l+PdFUGkn4tcBOQoJqwQDj6nJKT2luzhfqDC5NY0BcIUB1LbGJEEk3jD/YVVOJwlG2Lz SKIzrykt5ENW3XJpQVM6/U+m6UMR29yeCu0Efiougs9QLY/VMe+zIxWnchZMDAiekzW7 xN9noqg2Cv9S2hhLkfNKYb8okW28yezRth1V68+0XftuB4s317a9O0jIryk278vuWmFX 39+w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=oH5u8CFcMR0aTtXSSbyRQe5xCcYReuD1wNIqB9wbtM0=; b=ixot4SqeBw3s1mC2f5lgD0E+eqiKZSYLCeBT5Iqdrq/2LHhZ5dsusMmIW8W8dnKDxX RHC7CH1/PByH7RIM6jUIJB7V70R2PwmUaSaoB5hTYgV7wyhEQbbIB7bonRrATIh6511w PxwqvLZGsFHuOsTTUqeWdORjrg0hqkFKp5TnpQXgADPgW+cxE6tC7i9VIfiJXwE9udjM zWDL49kVq8mFt9MjScRDOeENNn3WM9jf/EDtntHETOawXNN0E1mEqwqKnrFwx9aLzCc4 N7WGL9ZTSdtTmvsFw8brzAPXa9yYIQyVP4RGYsYC/vYv6IREOn4pp36OFtvoWLvpFSei PTBw== X-Gm-Message-State: AOAM532Shyx5tuzI3h9kc/7NcYc13PL2r0UvEbfaR81ZF7pxN+plPLmr 3YgZShrnK7eTYEhFHfF/DbFuQFiTmGw= X-Google-Smtp-Source: ABdhPJzgE0zH30YjiQRvtbBxYev3RCjjAejeGZ3+RMybKkAiPmXoKznXXNhU6FlGTYKUI6h+PtITLQ== X-Received: by 2002:a65:67d9:: with SMTP id b25mr5420557pgs.311.1596228066276; Fri, 31 Jul 2020 13:41:06 -0700 (PDT) Received: from localhost.localdomain ([47.149.8.172]) by smtp.gmail.com with ESMTPSA id j20sm2899368pjy.51.2020.07.31.13.41.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 Jul 2020 13:41:05 -0700 (PDT) From: aduskett@gmail.com To: buildroot@buildroot.org Date: Fri, 31 Jul 2020 13:40:52 -0700 Message-Id: <20200731204100.1171427-2-aduskett@gmail.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200731204100.1171427-1-aduskett@gmail.com> References: <20200731204100.1171427-1-aduskett@gmail.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH 1/9] package/libselinux: set the config_lsm kernel config option to selinux X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Matt Weber , Marcus Folkesson , Adam Duskett Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" From: Adam Duskett Currently, the libselinux package sets the CONFIG_DEFAULT_SECURITY_SELINUX kernel option. However, as of kernels >= 5.1, this option is superseded in favor of the CONFIG_LSM option, a comma-separated list of LSMs the kernel should initialize in order. As the previous behavior of this package sets the kernel's default and only LSM to initialize to SELinux, it is safe to set this string to just selinux. If the user wants additional LSM's, they may do so with a custom kernel config. Signed-off-by: Adam Duskett --- package/libselinux/libselinux.mk | 1 + 1 file changed, 1 insertion(+) diff --git a/package/libselinux/libselinux.mk b/package/libselinux/libselinux.mk index f7397141d5..521dbaaba8 100644 --- a/package/libselinux/libselinux.mk +++ b/package/libselinux/libselinux.mk @@ -111,6 +111,7 @@ define LIBSELINUX_LINUX_CONFIG_FIXUPS $(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY) $(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY_NETWORK) $(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY_SELINUX) + $(call KCONFIG_SET_OPT,CONFIG_LSM,"selinux") endef $(eval $(generic-package))