[4/5] kernel: update config (disable AUDIT subsys)

Message ID 1504821279-1877-4-git-send-email-arne_f@ipfire.org
State Accepted
Commit 9cd4bbd901240a8736f57112ad53e57ee512aed1
Headers show
Series
  • [1/5] kernel: update to 4.12.8
Related show

Commit Message

Arne Fitzenreiter Sept. 7, 2017, 9:54 p.m.
audit support was removed from the userspace so also the kernel not need it anymore.

fixes #11465

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
---
 kernel/config-arm-generic   | 11 +++++------
 kernel/config-arm64-generic |  3 +--
 kernel/config-generic       | 28 +++++++---------------------
 kernel/config-x86-generic   |  7 ++++++-
 kernel/kernel.nm            |  1 -
 5 files changed, 19 insertions(+), 31 deletions(-)

Patch

diff --git a/kernel/config-arm-generic b/kernel/config-arm-generic
index 8f7f464..130c530 100644
--- a/kernel/config-arm-generic
+++ b/kernel/config-arm-generic
@@ -428,6 +428,11 @@  CONFIG_DRM_MESON=m
 CONFIG_DRM_MESON_DW_HDMI=m
 
 #
+# Frame buffer Devices
+#
+# CONFIG_FB_BOOT_VESA_SUPPORT is not set
+
+#
 # Frame buffer hardware drivers
 #
 # CONFIG_FB_ARMCLCD is not set
@@ -725,11 +730,6 @@  CONFIG_RCU_CPU_STALL_TIMEOUT=21
 # CONFIG_CORESIGHT is not set
 
 #
-# Security options
-#
-CONFIG_LSM_MMAP_MIN_ADDR=32768
-
-#
 # Crypto core or helper
 #
 CONFIG_CRYPTO_GF128MUL=m
@@ -748,5 +748,4 @@  CONFIG_CRYPTO_CHACHA20_NEON=m
 #
 # Library routines
 #
-CONFIG_AUDIT_GENERIC=y
 CONFIG_LIBFDT=y
diff --git a/kernel/config-arm64-generic b/kernel/config-arm64-generic
index 208c138..ef5aca3 100644
--- a/kernel/config-arm64-generic
+++ b/kernel/config-arm64-generic
@@ -400,7 +400,7 @@  CONFIG_HISI_KIRIN_DW_DSI=m
 #
 # Frame buffer hardware drivers
 #
-# CONFIG_FB_EFI is not set
+CONFIG_FB_EFI=y
 
 #
 # Console display driver support
@@ -709,6 +709,5 @@  CONFIG_CRYPTO_AES_ARM64_BS=m
 # Library routines
 #
 CONFIG_AUDIT_ARCH_COMPAT_GENERIC=y
-CONFIG_AUDIT_COMPAT_GENERIC=y
 CONFIG_HAS_IOPORT_MAP=y
 CONFIG_UCS2_STRING=y
diff --git a/kernel/config-generic b/kernel/config-generic
index 5fac561..c151769 100644
--- a/kernel/config-generic
+++ b/kernel/config-generic
@@ -34,11 +34,8 @@  CONFIG_POSIX_MQUEUE_SYSCTL=y
 CONFIG_CROSS_MEMORY_ATTACH=y
 CONFIG_FHANDLE=y
 # CONFIG_USELIB is not set
-CONFIG_AUDIT=y
+# CONFIG_AUDIT is not set
 CONFIG_HAVE_ARCH_AUDITSYSCALL=y
-CONFIG_AUDITSYSCALL=y
-CONFIG_AUDIT_WATCH=y
-CONFIG_AUDIT_TREE=y
 
 #
 # IRQ subsystem
@@ -697,7 +694,6 @@  CONFIG_NETFILTER_XT_SET=m
 #
 # Xtables targets
 #
-CONFIG_NETFILTER_XT_TARGET_AUDIT=m
 CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
 CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
 CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m
@@ -3795,10 +3791,9 @@  CONFIG_FIRMWARE_EDID=y
 CONFIG_FB_CMDLINE=y
 CONFIG_FB_NOTIFY=y
 # CONFIG_FB_DDC is not set
-CONFIG_FB_BOOT_VESA_SUPPORT=y
-CONFIG_FB_CFB_FILLRECT=m
-CONFIG_FB_CFB_COPYAREA=m
-CONFIG_FB_CFB_IMAGEBLIT=m
+CONFIG_FB_CFB_FILLRECT=y
+CONFIG_FB_CFB_COPYAREA=y
+CONFIG_FB_CFB_IMAGEBLIT=y
 # CONFIG_FB_CFB_REV_PIXELS_IN_BYTE is not set
 CONFIG_FB_SYS_FILLRECT=m
 CONFIG_FB_SYS_COPYAREA=m
@@ -5578,7 +5573,7 @@  CONFIG_ENCRYPTED_KEYS=m
 # CONFIG_KEY_DH_OPERATIONS is not set
 CONFIG_SECURITY_DMESG_RESTRICT=y
 CONFIG_SECURITY=y
-CONFIG_SECURITY_WRITABLE_HOOKS=y
+# CONFIG_SECURITY_WRITABLE_HOOKS is not set
 CONFIG_SECURITYFS=y
 CONFIG_SECURITY_NETWORK=y
 CONFIG_SECURITY_NETWORK_XFRM=y
@@ -5587,13 +5582,6 @@  CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
 CONFIG_HARDENED_USERCOPY=y
 CONFIG_HARDENED_USERCOPY_PAGESPAN=y
 # CONFIG_STATIC_USERMODEHELPER is not set
-CONFIG_SECURITY_SELINUX=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
-CONFIG_SECURITY_SELINUX_DISABLE=y
-CONFIG_SECURITY_SELINUX_DEVELOP=y
-CONFIG_SECURITY_SELINUX_AVC_STATS=y
-CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
 # CONFIG_SECURITY_SMACK is not set
 # CONFIG_SECURITY_TOMOYO is not set
 # CONFIG_SECURITY_APPARMOR is not set
@@ -5603,12 +5591,10 @@  CONFIG_INTEGRITY=y
 CONFIG_INTEGRITY_SIGNATURE=y
 CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
 CONFIG_INTEGRITY_TRUSTED_KEYRING=y
-CONFIG_INTEGRITY_AUDIT=y
 # CONFIG_IMA is not set
 # CONFIG_EVM is not set
-CONFIG_DEFAULT_SECURITY_SELINUX=y
-# CONFIG_DEFAULT_SECURITY_DAC is not set
-CONFIG_DEFAULT_SECURITY="selinux"
+CONFIG_DEFAULT_SECURITY_DAC=y
+CONFIG_DEFAULT_SECURITY=""
 CONFIG_XOR_BLOCKS=m
 CONFIG_ASYNC_CORE=m
 CONFIG_ASYNC_MEMCPY=m
diff --git a/kernel/config-x86-generic b/kernel/config-x86-generic
index 50318e3..1ed2ee2 100644
--- a/kernel/config-x86-generic
+++ b/kernel/config-x86-generic
@@ -1106,6 +1106,11 @@  CONFIG_DRM_VMWGFX=m
 CONFIG_HSA_AMD=m
 
 #
+# Frame buffer Devices
+#
+CONFIG_FB_BOOT_VESA_SUPPORT=y
+
+#
 # Frame buffer hardware drivers
 #
 # CONFIG_FB_ARC is not set
@@ -1482,6 +1487,7 @@  CONFIG_EFIVAR_FS=m
 #
 # Compile-time checks and compiler options
 #
+CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y
 CONFIG_ARCH_WANT_FRAME_POINTERS=y
 CONFIG_FRAME_POINTER=y
 CONFIG_STACK_VALIDATION=y
@@ -1553,7 +1559,6 @@  CONFIG_OPTIMIZE_INLINING=y
 #
 CONFIG_KEYS_COMPAT=y
 CONFIG_INTEL_TXT=y
-CONFIG_LSM_MMAP_MIN_ADDR=65536
 
 #
 # Crypto core or helper
diff --git a/kernel/kernel.nm b/kernel/kernel.nm
index 0724d4d..4936b6a 100644
--- a/kernel/kernel.nm
+++ b/kernel/kernel.nm
@@ -33,7 +33,6 @@  build
 
 	requires
 		asciidoc
-		audit-devel
 		bc
 		binutils >= 2.25
 		binutils-devel