From c7a9540906c9efe69277ade7e3f3fcd3c23192cf Mon Sep 17 00:00:00 2001 From: Albert Schwarzkopf Date: Thu, 29 Dec 2022 00:01:04 +0100 Subject: [PATCH] linux5.15+: Add landlock to CONFIG_LSM --- srcpkgs/linux5.15/files/arm64-dotconfig | 2 +- srcpkgs/linux5.15/files/i386-dotconfig | 2 +- srcpkgs/linux5.15/files/ppc-dotconfig | 2 +- srcpkgs/linux5.15/files/ppc64-dotconfig | 2 +- srcpkgs/linux5.15/files/ppc64le-dotconfig | 2 +- srcpkgs/linux5.15/files/x86_64-dotconfig | 2 +- srcpkgs/linux6.0/files/arm64-dotconfig | 2 +- srcpkgs/linux6.0/files/i386-dotconfig | 2 +- srcpkgs/linux6.0/files/ppc-dotconfig | 2 +- srcpkgs/linux6.0/files/ppc64-dotconfig | 2 +- srcpkgs/linux6.0/files/ppc64le-dotconfig | 2 +- srcpkgs/linux6.0/files/x86_64-dotconfig | 2 +- srcpkgs/linux6.1/files/arm64-dotconfig | 2 +- srcpkgs/linux6.1/files/i386-dotconfig | 2 +- srcpkgs/linux6.1/files/ppc-dotconfig | 2 +- srcpkgs/linux6.1/files/ppc64-dotconfig | 2 +- srcpkgs/linux6.1/files/ppc64le-dotconfig | 2 +- srcpkgs/linux6.1/files/x86_64-dotconfig | 2 +- 18 files changed, 18 insertions(+), 18 deletions(-) diff --git a/srcpkgs/linux5.15/files/arm64-dotconfig b/srcpkgs/linux5.15/files/arm64-dotconfig index 40c18915d3bc..c3d64f6203ad 100644 --- a/srcpkgs/linux5.15/files/arm64-dotconfig +++ b/srcpkgs/linux5.15/files/arm64-dotconfig @@ -11226,7 +11226,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_EVM is not set CONFIG_DEFAULT_SECURITY_APPARMOR=y # CONFIG_DEFAULT_SECURITY_DAC is not set -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity" # # Kernel hardening options diff --git a/srcpkgs/linux5.15/files/i386-dotconfig b/srcpkgs/linux5.15/files/i386-dotconfig index 1f90e83f094c..a76b25edb7d3 100644 --- a/srcpkgs/linux5.15/files/i386-dotconfig +++ b/srcpkgs/linux5.15/files/i386-dotconfig @@ -9544,7 +9544,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_DEFAULT_SECURITY_SELINUX is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity" # # Kernel hardening options diff --git a/srcpkgs/linux5.15/files/ppc-dotconfig b/srcpkgs/linux5.15/files/ppc-dotconfig index 56421d1745f2..891c36f5e592 100644 --- a/srcpkgs/linux5.15/files/ppc-dotconfig +++ b/srcpkgs/linux5.15/files/ppc-dotconfig @@ -7674,7 +7674,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_DEFAULT_SECURITY_SELINUX is not set CONFIG_DEFAULT_SECURITY_APPARMOR=y # CONFIG_DEFAULT_SECURITY_DAC is not set -CONFIG_LSM="yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo" # # Kernel hardening options diff --git a/srcpkgs/linux5.15/files/ppc64-dotconfig b/srcpkgs/linux5.15/files/ppc64-dotconfig index 601f1d55d2ee..4cbbc7be7c99 100644 --- a/srcpkgs/linux5.15/files/ppc64-dotconfig +++ b/srcpkgs/linux5.15/files/ppc64-dotconfig @@ -9658,7 +9658,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_DEFAULT_SECURITY_SELINUX is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity" # # Kernel hardening options diff --git a/srcpkgs/linux5.15/files/ppc64le-dotconfig b/srcpkgs/linux5.15/files/ppc64le-dotconfig index 5fafdb797f0b..c4220b08d1c9 100644 --- a/srcpkgs/linux5.15/files/ppc64le-dotconfig +++ b/srcpkgs/linux5.15/files/ppc64le-dotconfig @@ -9380,7 +9380,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_DEFAULT_SECURITY_SELINUX is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity" # # Kernel hardening options diff --git a/srcpkgs/linux5.15/files/x86_64-dotconfig b/srcpkgs/linux5.15/files/x86_64-dotconfig index 7c711c66f9da..e452c0f08396 100644 --- a/srcpkgs/linux5.15/files/x86_64-dotconfig +++ b/srcpkgs/linux5.15/files/x86_64-dotconfig @@ -9728,7 +9728,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_EVM is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity" # # Kernel hardening options diff --git a/srcpkgs/linux6.0/files/arm64-dotconfig b/srcpkgs/linux6.0/files/arm64-dotconfig index c708bc401cb3..60a19732fb42 100644 --- a/srcpkgs/linux6.0/files/arm64-dotconfig +++ b/srcpkgs/linux6.0/files/arm64-dotconfig @@ -11759,7 +11759,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_EVM is not set CONFIG_DEFAULT_SECURITY_APPARMOR=y # CONFIG_DEFAULT_SECURITY_DAC is not set -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity" # # Kernel hardening options diff --git a/srcpkgs/linux6.0/files/i386-dotconfig b/srcpkgs/linux6.0/files/i386-dotconfig index eb5ad6fce09a..ea5bddf4685d 100644 --- a/srcpkgs/linux6.0/files/i386-dotconfig +++ b/srcpkgs/linux6.0/files/i386-dotconfig @@ -9964,7 +9964,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_DEFAULT_SECURITY_SELINUX is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity" # # Kernel hardening options diff --git a/srcpkgs/linux6.0/files/ppc-dotconfig b/srcpkgs/linux6.0/files/ppc-dotconfig index 62a721ff52cb..2bf2cb2411a6 100644 --- a/srcpkgs/linux6.0/files/ppc-dotconfig +++ b/srcpkgs/linux6.0/files/ppc-dotconfig @@ -8005,7 +8005,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_DEFAULT_SECURITY_SELINUX is not set CONFIG_DEFAULT_SECURITY_APPARMOR=y # CONFIG_DEFAULT_SECURITY_DAC is not set -CONFIG_LSM="yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo" # # Kernel hardening options diff --git a/srcpkgs/linux6.0/files/ppc64-dotconfig b/srcpkgs/linux6.0/files/ppc64-dotconfig index 841ae1a350d3..d8c80c856e9f 100644 --- a/srcpkgs/linux6.0/files/ppc64-dotconfig +++ b/srcpkgs/linux6.0/files/ppc64-dotconfig @@ -10030,7 +10030,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_DEFAULT_SECURITY_SELINUX is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity" # # Kernel hardening options diff --git a/srcpkgs/linux6.0/files/ppc64le-dotconfig b/srcpkgs/linux6.0/files/ppc64le-dotconfig index a32850c87f39..f263d08b03ef 100644 --- a/srcpkgs/linux6.0/files/ppc64le-dotconfig +++ b/srcpkgs/linux6.0/files/ppc64le-dotconfig @@ -9750,7 +9750,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_DEFAULT_SECURITY_SELINUX is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity" # # Kernel hardening options diff --git a/srcpkgs/linux6.0/files/x86_64-dotconfig b/srcpkgs/linux6.0/files/x86_64-dotconfig index fc67dc699926..b592092a4bf7 100644 --- a/srcpkgs/linux6.0/files/x86_64-dotconfig +++ b/srcpkgs/linux6.0/files/x86_64-dotconfig @@ -10188,7 +10188,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_EVM is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity" # # Kernel hardening options diff --git a/srcpkgs/linux6.1/files/arm64-dotconfig b/srcpkgs/linux6.1/files/arm64-dotconfig index c244e5af74ee..138dfb47a123 100644 --- a/srcpkgs/linux6.1/files/arm64-dotconfig +++ b/srcpkgs/linux6.1/files/arm64-dotconfig @@ -11785,7 +11785,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_EVM is not set CONFIG_DEFAULT_SECURITY_APPARMOR=y # CONFIG_DEFAULT_SECURITY_DAC is not set -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity" # # Kernel hardening options diff --git a/srcpkgs/linux6.1/files/i386-dotconfig b/srcpkgs/linux6.1/files/i386-dotconfig index d549a8932534..f484941f12e5 100644 --- a/srcpkgs/linux6.1/files/i386-dotconfig +++ b/srcpkgs/linux6.1/files/i386-dotconfig @@ -9981,7 +9981,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_DEFAULT_SECURITY_SELINUX is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity" # # Kernel hardening options diff --git a/srcpkgs/linux6.1/files/ppc-dotconfig b/srcpkgs/linux6.1/files/ppc-dotconfig index 1aa3fc01e3cb..42533d89a6e6 100644 --- a/srcpkgs/linux6.1/files/ppc-dotconfig +++ b/srcpkgs/linux6.1/files/ppc-dotconfig @@ -8009,7 +8009,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_DEFAULT_SECURITY_SELINUX is not set CONFIG_DEFAULT_SECURITY_APPARMOR=y # CONFIG_DEFAULT_SECURITY_DAC is not set -CONFIG_LSM="yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo" # # Kernel hardening options diff --git a/srcpkgs/linux6.1/files/ppc64-dotconfig b/srcpkgs/linux6.1/files/ppc64-dotconfig index 82058e328ec9..cb41cf4b037f 100644 --- a/srcpkgs/linux6.1/files/ppc64-dotconfig +++ b/srcpkgs/linux6.1/files/ppc64-dotconfig @@ -10050,7 +10050,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_DEFAULT_SECURITY_SELINUX is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity" # # Kernel hardening options diff --git a/srcpkgs/linux6.1/files/ppc64le-dotconfig b/srcpkgs/linux6.1/files/ppc64le-dotconfig index 1881ce75cecf..2d85dcc227c1 100644 --- a/srcpkgs/linux6.1/files/ppc64le-dotconfig +++ b/srcpkgs/linux6.1/files/ppc64le-dotconfig @@ -9771,7 +9771,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_DEFAULT_SECURITY_SELINUX is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity" # # Kernel hardening options diff --git a/srcpkgs/linux6.1/files/x86_64-dotconfig b/srcpkgs/linux6.1/files/x86_64-dotconfig index d6ed831e1921..20579c094dee 100644 --- a/srcpkgs/linux6.1/files/x86_64-dotconfig +++ b/srcpkgs/linux6.1/files/x86_64-dotconfig @@ -10219,7 +10219,7 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_EVM is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="yama,loadpin,safesetid,integrity" +CONFIG_LSM="landlock,yama,loadpin,safesetid,integrity" # # Kernel hardening options