[08/13] kernel: Disable network security hooks

Message ID 20210917114229.10704-8-michael.tremer@ipfire.org
State Staged
Commit 15f53912a1a474a2f0cce9a1cd1478276395f3ff
Headers show
Series [01/13] kernel: Change timer tick to 1000Hz | expand

Commit Message

Michael Tremer Sept. 17, 2021, 11:42 a.m. UTC
This is a feature we do not use and it should therefore be disabled

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 config/kernel/kernel.config.aarch64-ipfire | 3 +--
 config/kernel/kernel.config.armv6l-ipfire  | 3 +--
 config/kernel/kernel.config.i586-ipfire    | 3 +--
 config/kernel/kernel.config.x86_64-ipfire  | 3 +--
 4 files changed, 4 insertions(+), 8 deletions(-)

Comments

Peter Müller Sept. 18, 2021, 4:23 p.m. UTC | #1
Acked-by: Peter Müller <peter.mueller@ipfire.org>

> This is a feature we do not use and it should therefore be disabled
> 
> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
> ---
>   config/kernel/kernel.config.aarch64-ipfire | 3 +--
>   config/kernel/kernel.config.armv6l-ipfire  | 3 +--
>   config/kernel/kernel.config.i586-ipfire    | 3 +--
>   config/kernel/kernel.config.x86_64-ipfire  | 3 +--
>   4 files changed, 4 insertions(+), 8 deletions(-)
> 
> diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire
> index dbd730e80..15f8cfc6b 100644
> --- a/config/kernel/kernel.config.aarch64-ipfire
> +++ b/config/kernel/kernel.config.aarch64-ipfire
> @@ -7274,8 +7274,7 @@ CONFIG_KEYS=y
>   CONFIG_SECURITY_DMESG_RESTRICT=y
>   CONFIG_SECURITY=y
>   CONFIG_SECURITYFS=y
> -CONFIG_SECURITY_NETWORK=y
> -CONFIG_SECURITY_NETWORK_XFRM=y
> +# CONFIG_SECURITY_NETWORK is not set
>   # CONFIG_SECURITY_PATH is not set
>   CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
>   CONFIG_HARDENED_USERCOPY=y
> diff --git a/config/kernel/kernel.config.armv6l-ipfire b/config/kernel/kernel.config.armv6l-ipfire
> index 93856d185..fc309c9b3 100644
> --- a/config/kernel/kernel.config.armv6l-ipfire
> +++ b/config/kernel/kernel.config.armv6l-ipfire
> @@ -7369,8 +7369,7 @@ CONFIG_KEYS=y
>   CONFIG_SECURITY_DMESG_RESTRICT=y
>   CONFIG_SECURITY=y
>   CONFIG_SECURITYFS=y
> -CONFIG_SECURITY_NETWORK=y
> -CONFIG_SECURITY_NETWORK_XFRM=y
> +# CONFIG_SECURITY_NETWORK is not set
>   # CONFIG_SECURITY_PATH is not set
>   CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
>   CONFIG_HARDENED_USERCOPY=y
> diff --git a/config/kernel/kernel.config.i586-ipfire b/config/kernel/kernel.config.i586-ipfire
> index 8c99e3a60..08df3d656 100644
> --- a/config/kernel/kernel.config.i586-ipfire
> +++ b/config/kernel/kernel.config.i586-ipfire
> @@ -6912,8 +6912,7 @@ CONFIG_ENCRYPTED_KEYS=y
>   CONFIG_SECURITY_DMESG_RESTRICT=y
>   CONFIG_SECURITY=y
>   # CONFIG_SECURITYFS is not set
> -CONFIG_SECURITY_NETWORK=y
> -# CONFIG_SECURITY_NETWORK_XFRM is not set
> +# CONFIG_SECURITY_NETWORK is not set
>   # CONFIG_SECURITY_PATH is not set
>   # CONFIG_INTEL_TXT is not set
>   CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
> diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire
> index f5c1fce9f..5f8711ac4 100644
> --- a/config/kernel/kernel.config.x86_64-ipfire
> +++ b/config/kernel/kernel.config.x86_64-ipfire
> @@ -6749,9 +6749,8 @@ CONFIG_KEYS=y
>   CONFIG_SECURITY_DMESG_RESTRICT=y
>   CONFIG_SECURITY=y
>   CONFIG_SECURITYFS=y
> -CONFIG_SECURITY_NETWORK=y
> +# CONFIG_SECURITY_NETWORK is not set
>   CONFIG_PAGE_TABLE_ISOLATION=y
> -# CONFIG_SECURITY_NETWORK_XFRM is not set
>   # CONFIG_SECURITY_PATH is not set
>   # CONFIG_INTEL_TXT is not set
>   CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
>

Patch

diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire
index dbd730e80..15f8cfc6b 100644
--- a/config/kernel/kernel.config.aarch64-ipfire
+++ b/config/kernel/kernel.config.aarch64-ipfire
@@ -7274,8 +7274,7 @@  CONFIG_KEYS=y
 CONFIG_SECURITY_DMESG_RESTRICT=y
 CONFIG_SECURITY=y
 CONFIG_SECURITYFS=y
-CONFIG_SECURITY_NETWORK=y
-CONFIG_SECURITY_NETWORK_XFRM=y
+# CONFIG_SECURITY_NETWORK is not set
 # CONFIG_SECURITY_PATH is not set
 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
 CONFIG_HARDENED_USERCOPY=y
diff --git a/config/kernel/kernel.config.armv6l-ipfire b/config/kernel/kernel.config.armv6l-ipfire
index 93856d185..fc309c9b3 100644
--- a/config/kernel/kernel.config.armv6l-ipfire
+++ b/config/kernel/kernel.config.armv6l-ipfire
@@ -7369,8 +7369,7 @@  CONFIG_KEYS=y
 CONFIG_SECURITY_DMESG_RESTRICT=y
 CONFIG_SECURITY=y
 CONFIG_SECURITYFS=y
-CONFIG_SECURITY_NETWORK=y
-CONFIG_SECURITY_NETWORK_XFRM=y
+# CONFIG_SECURITY_NETWORK is not set
 # CONFIG_SECURITY_PATH is not set
 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
 CONFIG_HARDENED_USERCOPY=y
diff --git a/config/kernel/kernel.config.i586-ipfire b/config/kernel/kernel.config.i586-ipfire
index 8c99e3a60..08df3d656 100644
--- a/config/kernel/kernel.config.i586-ipfire
+++ b/config/kernel/kernel.config.i586-ipfire
@@ -6912,8 +6912,7 @@  CONFIG_ENCRYPTED_KEYS=y
 CONFIG_SECURITY_DMESG_RESTRICT=y
 CONFIG_SECURITY=y
 # CONFIG_SECURITYFS is not set
-CONFIG_SECURITY_NETWORK=y
-# CONFIG_SECURITY_NETWORK_XFRM is not set
+# CONFIG_SECURITY_NETWORK is not set
 # CONFIG_SECURITY_PATH is not set
 # CONFIG_INTEL_TXT is not set
 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire
index f5c1fce9f..5f8711ac4 100644
--- a/config/kernel/kernel.config.x86_64-ipfire
+++ b/config/kernel/kernel.config.x86_64-ipfire
@@ -6749,9 +6749,8 @@  CONFIG_KEYS=y
 CONFIG_SECURITY_DMESG_RESTRICT=y
 CONFIG_SECURITY=y
 CONFIG_SECURITYFS=y
-CONFIG_SECURITY_NETWORK=y
+# CONFIG_SECURITY_NETWORK is not set
 CONFIG_PAGE_TABLE_ISOLATION=y
-# CONFIG_SECURITY_NETWORK_XFRM is not set
 # CONFIG_SECURITY_PATH is not set
 # CONFIG_INTEL_TXT is not set
 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y