From patchwork Fri Sep 8 07:54:38 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Fitzenreiter X-Patchwork-Id: 1410 Return-Path: Received: from mail01.ipfire.org (unknown [172.28.1.200]) by web02.ipfire.org (Postfix) with ESMTP id 913D46146E for ; Thu, 7 Sep 2017 23:55:33 +0200 (CEST) Received: from mail01.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 24169286E; Thu, 7 Sep 2017 23:55:32 +0200 (CEST) Received: from localhost.localdomain (55d43ba2.access.ecotel.net [85.212.59.162]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 0F0F02871; Thu, 7 Sep 2017 23:55:27 +0200 (CEST) From: Arne Fitzenreiter To: development@lists.ipfire.org Subject: [PATCH 4/5] kernel: update config (disable AUDIT subsys) Date: Thu, 7 Sep 2017 21:54:38 +0000 Message-Id: <1504821279-1877-4-git-send-email-arne_f@ipfire.org> X-Mailer: git-send-email 2.6.3 In-Reply-To: <1504821279-1877-1-git-send-email-arne_f@ipfire.org> References: <1504821279-1877-1-git-send-email-arne_f@ipfire.org> X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Arne Fitzenreiter Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Audit support was removed from the userspace, so the kernel does not need it anymore either. Fixes #11465 Signed-off-by: Arne Fitzenreiter --- kernel/config-arm-generic | 11 +++++------ kernel/config-arm64-generic | 3 +-- kernel/config-generic | 28 +++++++--------------------- kernel/config-x86-generic | 7 ++++++- kernel/kernel.nm | 1 - 5 files changed, 19 insertions(+), 31 deletions(-) diff --git a/kernel/config-arm-generic b/kernel/config-arm-generic index 8f7f464..130c530 100644 --- a/kernel/config-arm-generic 
+++ b/kernel/config-arm-generic @@ -428,6 +428,11 @@ CONFIG_DRM_MESON=m CONFIG_DRM_MESON_DW_HDMI=m # +# Frame buffer Devices +# +# CONFIG_FB_BOOT_VESA_SUPPORT is not set + +# # Frame buffer hardware drivers # # CONFIG_FB_ARMCLCD is not set @@ -725,11 +730,6 @@ CONFIG_RCU_CPU_STALL_TIMEOUT=21 # CONFIG_CORESIGHT is not set # -# Security options -# -CONFIG_LSM_MMAP_MIN_ADDR=32768 - -# # Crypto core or helper # CONFIG_CRYPTO_GF128MUL=m @@ -748,5 +748,4 @@ CONFIG_CRYPTO_CHACHA20_NEON=m # # Library routines # -CONFIG_AUDIT_GENERIC=y CONFIG_LIBFDT=y diff --git a/kernel/config-arm64-generic b/kernel/config-arm64-generic index 208c138..ef5aca3 100644 --- a/kernel/config-arm64-generic +++ b/kernel/config-arm64-generic @@ -400,7 +400,7 @@ CONFIG_HISI_KIRIN_DW_DSI=m # # Frame buffer hardware drivers # -# CONFIG_FB_EFI is not set +CONFIG_FB_EFI=y # # Console display driver support @@ -709,6 +709,5 @@ CONFIG_CRYPTO_AES_ARM64_BS=m # Library routines # CONFIG_AUDIT_ARCH_COMPAT_GENERIC=y -CONFIG_AUDIT_COMPAT_GENERIC=y CONFIG_HAS_IOPORT_MAP=y CONFIG_UCS2_STRING=y diff --git a/kernel/config-generic b/kernel/config-generic index 5fac561..c151769 100644 --- a/kernel/config-generic +++ b/kernel/config-generic @@ -34,11 +34,8 @@ CONFIG_POSIX_MQUEUE_SYSCTL=y CONFIG_CROSS_MEMORY_ATTACH=y CONFIG_FHANDLE=y # CONFIG_USELIB is not set -CONFIG_AUDIT=y +# CONFIG_AUDIT is not set CONFIG_HAVE_ARCH_AUDITSYSCALL=y -CONFIG_AUDITSYSCALL=y -CONFIG_AUDIT_WATCH=y -CONFIG_AUDIT_TREE=y # # IRQ subsystem @@ -697,7 +694,6 @@ CONFIG_NETFILTER_XT_SET=m # # Xtables targets # -CONFIG_NETFILTER_XT_TARGET_AUDIT=m CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m CONFIG_NETFILTER_XT_TARGET_CONNMARK=m CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m 
@@ -3795,10 +3791,9 @@ CONFIG_FIRMWARE_EDID=y CONFIG_FB_CMDLINE=y CONFIG_FB_NOTIFY=y # CONFIG_FB_DDC is not set -CONFIG_FB_BOOT_VESA_SUPPORT=y -CONFIG_FB_CFB_FILLRECT=m -CONFIG_FB_CFB_COPYAREA=m -CONFIG_FB_CFB_IMAGEBLIT=m +CONFIG_FB_CFB_FILLRECT=y +CONFIG_FB_CFB_COPYAREA=y +CONFIG_FB_CFB_IMAGEBLIT=y # CONFIG_FB_CFB_REV_PIXELS_IN_BYTE is not set CONFIG_FB_SYS_FILLRECT=m CONFIG_FB_SYS_COPYAREA=m @@ -5578,7 +5573,7 @@ CONFIG_ENCRYPTED_KEYS=m # CONFIG_KEY_DH_OPERATIONS is not set CONFIG_SECURITY_DMESG_RESTRICT=y CONFIG_SECURITY=y -CONFIG_SECURITY_WRITABLE_HOOKS=y +# CONFIG_SECURITY_WRITABLE_HOOKS is not set CONFIG_SECURITYFS=y CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_NETWORK_XFRM=y @@ -5587,13 +5582,6 @@ CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y CONFIG_HARDENED_USERCOPY=y CONFIG_HARDENED_USERCOPY_PAGESPAN=y # CONFIG_STATIC_USERMODEHELPER is not set -CONFIG_SECURITY_SELINUX=y -CONFIG_SECURITY_SELINUX_BOOTPARAM=y -CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0 -CONFIG_SECURITY_SELINUX_DISABLE=y -CONFIG_SECURITY_SELINUX_DEVELOP=y -CONFIG_SECURITY_SELINUX_AVC_STATS=y -CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 # CONFIG_SECURITY_SMACK is not set # CONFIG_SECURITY_TOMOYO is not set # CONFIG_SECURITY_APPARMOR is not set @@ -5603,12 +5591,10 @@ CONFIG_INTEGRITY=y CONFIG_INTEGRITY_SIGNATURE=y CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y CONFIG_INTEGRITY_TRUSTED_KEYRING=y -CONFIG_INTEGRITY_AUDIT=y # CONFIG_IMA is not set # CONFIG_EVM is not set -CONFIG_DEFAULT_SECURITY_SELINUX=y -# CONFIG_DEFAULT_SECURITY_DAC is not set -CONFIG_DEFAULT_SECURITY="selinux" +CONFIG_DEFAULT_SECURITY_DAC=y +CONFIG_DEFAULT_SECURITY="" CONFIG_XOR_BLOCKS=m CONFIG_ASYNC_CORE=m CONFIG_ASYNC_MEMCPY=m diff --git a/kernel/config-x86-generic b/kernel/config-x86-generic index 50318e3..1ed2ee2 100644 --- a/kernel/config-x86-generic +++ b/kernel/config-x86-generic 
@@ -1106,6 +1106,11 @@ CONFIG_DRM_VMWGFX=m CONFIG_HSA_AMD=m # +# Frame buffer Devices +# +CONFIG_FB_BOOT_VESA_SUPPORT=y + +# # Frame buffer hardware drivers # # CONFIG_FB_ARC is not set @@ -1482,6 +1487,7 @@ CONFIG_EFIVAR_FS=m # # Compile-time checks and compiler options # +CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y CONFIG_ARCH_WANT_FRAME_POINTERS=y CONFIG_FRAME_POINTER=y CONFIG_STACK_VALIDATION=y @@ -1553,7 +1559,6 @@ CONFIG_OPTIMIZE_INLINING=y # CONFIG_KEYS_COMPAT=y CONFIG_INTEL_TXT=y -CONFIG_LSM_MMAP_MIN_ADDR=65536 # # Crypto core or helper diff --git a/kernel/kernel.nm b/kernel/kernel.nm index 0724d4d..4936b6a 100644 --- a/kernel/kernel.nm +++ b/kernel/kernel.nm @@ -33,7 +33,6 @@ build requires asciidoc - audit-devel bc binutils >= 2.25 binutils-devel
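Review bot: the commit message should state that SELinux is removed as well, which happens in the kernel/config-generic hunks at @@ -5587 and @@ -5603. Every CONFIG_SECURITY_SELINUX* symbol is dropped and the default changes from CONFIG_DEFAULT_SECURITY="selinux" to CONFIG_DEFAULT_SECURITY_DAC=y with CONFIG_DEFAULT_SECURITY="", while the subject line only mentions AUDIT. SECURITY_SELINUX depends on AUDIT in Kconfig, so this follows from unsetting CONFIG_AUDIT, but a reader of the log cannot tell that from "disable AUDIT subsys". It is worth adding that the old CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0 already left SELinux disabled unless selinux=1 was passed on the kernel command line, and that CONFIG_SECURITY_WRITABLE_HOOKS becoming unset at @@ -5578 is a side effect of losing CONFIG_SECURITY_SELINUX_DISABLE.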
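Review bot: CONFIG_LSM_MMAP_MIN_ADDR is removed from kernel/config-arm-generic (@@ -725, value 32768) and kernel/config-x86-generic (@@ -1553, value 65536) with no replacement visible in this patch. The symbol depends on SECURITY_SELINUX, so it disappears together with SELinux, and the floor for low-address mappings then comes only from CONFIG_DEFAULT_MMAP_MIN_ADDR or the vm.mmap_min_addr sysctl. Please confirm that CONFIG_DEFAULT_MMAP_MIN_ADDR in the existing configs is at least as high as the values removed here, and mention the removal in the commit message.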
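Review bot: removing CONFIG_NETFILTER_XT_TARGET_AUDIT=m in kernel/config-generic (@@ -697) means any iptables rule that uses -j AUDIT will fail to load on the new kernel. Please confirm that no shipped rule set or add-on uses that target. The commit message could also list what goes away with CONFIG_AUDIT at @@ -34 (CONFIG_AUDITSYSCALL, CONFIG_AUDIT_WATCH, CONFIG_AUDIT_TREE) and CONFIG_INTEGRITY_AUDIT at @@ -5603, so the loss of kernel audit records is documented where the change is made.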
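Review bot: the framebuffer and lockup-detector changes are unrelated to the stated purpose and should be split into their own patch or explained. CONFIG_FB_EFI goes from not set to =y in kernel/config-arm64-generic (@@ -400), CONFIG_FB_CFB_FILLRECT, CONFIG_FB_CFB_COPYAREA and CONFIG_FB_CFB_IMAGEBLIT go from =m to =y in kernel/config-generic (@@ -3795), CONFIG_FB_BOOT_VESA_SUPPORT moves out of kernel/config-generic into the per-arch files, and CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y is new in kernel/config-x86-generic (@@ -1482). If these are a by-product of regenerating the configs, say so in the commit message, so that a later bisect of a display or watchdog regression does not end on an audit commit with no explanation.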