From c7a9540906c9efe69277ade7e3f3fcd3c23192cf Mon Sep 17 00:00:00 2001 From: Albert Schwarzkopf Date: Thu, 29 Dec 2022 00:01:04 +0100 Subject: [PATCH] linux5.15+: Add landlock to CONFIG_LSM --- srcpkgs/linux5.15/files/arm64-dotconfig | 2 +- srcpkgs/linux5.15/files/i386-dotconfig | 2 +- srcpkgs/linux5.15/files/ppc-dotconfig | 2 +- srcpkgs/linux5.15/files/ppc64-dotconfig | 2 +- srcpkgs/linux5.15/files/ppc64le-dotconfig | 2 +- srcpkgs/linux5.15/files/x86_64-dotconfig | 2 +- srcpkgs/linux6.0/files/arm64-dotconfig | 2 +- srcpkgs/linux6.0/files/i386-dotconfig | 2 +- srcpkgs/linux6.0/files/ppc-dotconfig | 2 +- srcpkgs/linux6.0/files/ppc64-dotconfig | 2 +- srcpkgs/linux6.0/files/ppc64le-dotconfig | 2 +- srcpkgs/linux6.0/files/x86_64-dotconfig | 2 +- srcpkgs/linux6.1/files/arm64-dotconfig | 2 +- srcpkgs/linux6.1/files/i386-dotconfig | 2 +- srcpkgs/linux6.1/files/ppc-dotconfig | 2 +- srcpkgs/linux6.1/files/ppc64-dotconfig | 2 +- srcpkgs/linux6.1/files/ppc64le-dotconfig | 2 +- srcpkgs/linux6.1/files/x86_64-dotconfig | 2 +- 18 files changed, 18 insertions(+), 18 deletions(-) diff --git a/srcpkgs/linux5.15/files/arm64-dotconfig b/srcpkgs/linux5.15/files/arm64-dotconfig index 40c18915d3bc79..c3d64f6203ada5 100644 --- a/srcpkgs/linux5.15/files/arm64-dotconfig +++ b/srcpkgs/linux5.15/files/arm64-dotconfig @@ -11226,7 +11226,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_EVM is not set CONFIG_DEFAULT_SECURITY_APPARMOR=y # CONFIG_DEFAULT_SECURITY_DAC is not set -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity" # # Kernel hardening options diff --git a/srcpkgs/linux5.15/files/i386-dotconfig b/srcpkgs/linux5.15/files/i386-dotconfig index 1f90e83f094cb6..a76b25edb7d387 100644 --- a/srcpkgs/linux5.15/files/i386-dotconfig +++ b/srcpkgs/linux5.15/files/i386-dotconfig @@ -9544,7 +9544,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_DEFAULT_SECURITY_SELINUX is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity" # # Kernel hardening options diff --git a/srcpkgs/linux5.15/files/ppc-dotconfig b/srcpkgs/linux5.15/files/ppc-dotconfig index 56421d1745f22f..891c36f5e59227 100644 --- a/srcpkgs/linux5.15/files/ppc-dotconfig +++ b/srcpkgs/linux5.15/files/ppc-dotconfig @@ -7674,7 +7674,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_DEFAULT_SECURITY_SELINUX is not set CONFIG_DEFAULT_SECURITY_APPARMOR=y # CONFIG_DEFAULT_SECURITY_DAC is not set -CONFIG_LSM="yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo" # # Kernel hardening options diff --git a/srcpkgs/linux5.15/files/ppc64-dotconfig b/srcpkgs/linux5.15/files/ppc64-dotconfig index 601f1d55d2ee10..4cbbc7be7c995c 100644 --- a/srcpkgs/linux5.15/files/ppc64-dotconfig +++ b/srcpkgs/linux5.15/files/ppc64-dotconfig @@ -9658,7 +9658,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_DEFAULT_SECURITY_SELINUX is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity" # # Kernel hardening options diff --git a/srcpkgs/linux5.15/files/ppc64le-dotconfig b/srcpkgs/linux5.15/files/ppc64le-dotconfig index 5fafdb797f0be8..c4220b08d1c913 100644 --- a/srcpkgs/linux5.15/files/ppc64le-dotconfig +++ b/srcpkgs/linux5.15/files/ppc64le-dotconfig @@ -9380,7 +9380,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_DEFAULT_SECURITY_SELINUX is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity" # # Kernel hardening options diff --git a/srcpkgs/linux5.15/files/x86_64-dotconfig b/srcpkgs/linux5.15/files/x86_64-dotconfig index 7c711c66f9daba..e452c0f0839687 100644 --- a/srcpkgs/linux5.15/files/x86_64-dotconfig +++ b/srcpkgs/linux5.15/files/x86_64-dotconfig @@ -9728,7 +9728,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_EVM is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity" # # Kernel hardening options diff --git a/srcpkgs/linux6.0/files/arm64-dotconfig b/srcpkgs/linux6.0/files/arm64-dotconfig index c708bc401cb3f8..60a19732fb4200 100644 --- a/srcpkgs/linux6.0/files/arm64-dotconfig +++ b/srcpkgs/linux6.0/files/arm64-dotconfig @@ -11759,7 +11759,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_EVM is not set CONFIG_DEFAULT_SECURITY_APPARMOR=y # CONFIG_DEFAULT_SECURITY_DAC is not set -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity" # # Kernel hardening options diff --git a/srcpkgs/linux6.0/files/i386-dotconfig b/srcpkgs/linux6.0/files/i386-dotconfig index eb5ad6fce09ab6..ea5bddf4685d09 100644 --- a/srcpkgs/linux6.0/files/i386-dotconfig +++ b/srcpkgs/linux6.0/files/i386-dotconfig @@ -9964,7 +9964,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_DEFAULT_SECURITY_SELINUX is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity" # # Kernel hardening options diff --git a/srcpkgs/linux6.0/files/ppc-dotconfig b/srcpkgs/linux6.0/files/ppc-dotconfig index 62a721ff52cb48..2bf2cb2411a662 100644 --- a/srcpkgs/linux6.0/files/ppc-dotconfig +++ b/srcpkgs/linux6.0/files/ppc-dotconfig @@ -8005,7 +8005,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_DEFAULT_SECURITY_SELINUX is not set CONFIG_DEFAULT_SECURITY_APPARMOR=y # CONFIG_DEFAULT_SECURITY_DAC is not set -CONFIG_LSM="yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo" # # Kernel hardening options diff --git a/srcpkgs/linux6.0/files/ppc64-dotconfig b/srcpkgs/linux6.0/files/ppc64-dotconfig index 841ae1a350d36f..d8c80c856e9f50 100644 --- a/srcpkgs/linux6.0/files/ppc64-dotconfig +++ b/srcpkgs/linux6.0/files/ppc64-dotconfig @@ -10030,7 +10030,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_DEFAULT_SECURITY_SELINUX is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity" # # Kernel hardening options diff --git a/srcpkgs/linux6.0/files/ppc64le-dotconfig b/srcpkgs/linux6.0/files/ppc64le-dotconfig index a32850c87f394e..f263d08b03efff 100644 --- a/srcpkgs/linux6.0/files/ppc64le-dotconfig +++ b/srcpkgs/linux6.0/files/ppc64le-dotconfig @@ -9750,7 +9750,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_DEFAULT_SECURITY_SELINUX is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity" # # Kernel hardening options diff --git a/srcpkgs/linux6.0/files/x86_64-dotconfig b/srcpkgs/linux6.0/files/x86_64-dotconfig index fc67dc69992616..b592092a4bf707 100644 --- a/srcpkgs/linux6.0/files/x86_64-dotconfig +++ b/srcpkgs/linux6.0/files/x86_64-dotconfig @@ -10188,7 +10188,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_EVM is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity" # # Kernel hardening options diff --git a/srcpkgs/linux6.1/files/arm64-dotconfig b/srcpkgs/linux6.1/files/arm64-dotconfig index c244e5af74ee15..138dfb47a12310 100644 --- a/srcpkgs/linux6.1/files/arm64-dotconfig +++ b/srcpkgs/linux6.1/files/arm64-dotconfig @@ -11785,7 +11785,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_EVM is not set CONFIG_DEFAULT_SECURITY_APPARMOR=y # CONFIG_DEFAULT_SECURITY_DAC is not set -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity" # # Kernel hardening options diff --git a/srcpkgs/linux6.1/files/i386-dotconfig b/srcpkgs/linux6.1/files/i386-dotconfig index d549a893253475..f484941f12e51a 100644 --- a/srcpkgs/linux6.1/files/i386-dotconfig +++ b/srcpkgs/linux6.1/files/i386-dotconfig @@ -9981,7 +9981,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_DEFAULT_SECURITY_SELINUX is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity" # # Kernel hardening options diff --git a/srcpkgs/linux6.1/files/ppc-dotconfig b/srcpkgs/linux6.1/files/ppc-dotconfig index 1aa3fc01e3cb06..42533d89a6e61c 100644 --- a/srcpkgs/linux6.1/files/ppc-dotconfig +++ b/srcpkgs/linux6.1/files/ppc-dotconfig @@ -8009,7 +8009,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_DEFAULT_SECURITY_SELINUX is not set CONFIG_DEFAULT_SECURITY_APPARMOR=y # CONFIG_DEFAULT_SECURITY_DAC is not set -CONFIG_LSM="yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo" # # Kernel hardening options diff --git a/srcpkgs/linux6.1/files/ppc64-dotconfig b/srcpkgs/linux6.1/files/ppc64-dotconfig index 82058e328ec973..cb41cf4b037f91 100644 --- a/srcpkgs/linux6.1/files/ppc64-dotconfig +++ b/srcpkgs/linux6.1/files/ppc64-dotconfig @@ -10050,7 +10050,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_DEFAULT_SECURITY_SELINUX is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity" # # Kernel hardening options diff --git a/srcpkgs/linux6.1/files/ppc64le-dotconfig b/srcpkgs/linux6.1/files/ppc64le-dotconfig index 1881ce75cecfbe..2d85dcc227c1c4 100644 --- a/srcpkgs/linux6.1/files/ppc64le-dotconfig +++ b/srcpkgs/linux6.1/files/ppc64le-dotconfig @@ -9771,7 +9771,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_DEFAULT_SECURITY_SELINUX is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity" # # Kernel hardening options diff --git a/srcpkgs/linux6.1/files/x86_64-dotconfig b/srcpkgs/linux6.1/files/x86_64-dotconfig index d6ed831e1921cd..20579c094dee86 100644 --- a/srcpkgs/linux6.1/files/x86_64-dotconfig +++ b/srcpkgs/linux6.1/files/x86_64-dotconfig @@ -10219,7 +10219,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_EVM is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity" # # Kernel hardening options