projects / platform / kernel / linux-exynos.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a9f33a7)
ARM: defconfig: odroid: enable SMACK and AUDIT options for NETFILTER
authorSeung-Woo Kim <sw0312.kim@samsung.com>
Thu, 25 Aug 2016 08:02:54 +0000 (17:02 +0900)
committerSeung-Woo Kim <sw0312.kim@samsung.com>
Wed, 14 Dec 2016 04:52:43 +0000 (13:52 +0900)
To support security check of network packet from Tizen platform,
it is required to enable the configs for SMACK_NETFILTER dependent
on NETWORK_SECMARK and AUDIT of NETFILTER.

Change-Id: I9176fcad446ea87f503165c4cf2f3aff3c60ec4f
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
arch/arm/configs/tizen_odroid_defconfig patch | blob | history

diff --git a/arch/arm/configs/tizen_odroid_defconfig b/arch/arm/configs/tizen_odroid_defconfig
index fa60e4a..6355662 100644 (file)
--- a/arch/arm/configs/tizen_odroid_defconfig
+++ b/arch/arm/configs/tizen_odroid_defconfig
@@ -761,7 +761,7 @@ CONFIG_IPV6_MULTIPLE_TABLES=y
 # CONFIG_IPV6_SUBTREES is not set
 # CONFIG_IPV6_MROUTE is not set
 CONFIG_NETLABEL=y
-# CONFIG_NETWORK_SECMARK is not set
+CONFIG_NETWORK_SECMARK=y
 # CONFIG_NET_PTP_CLASSIFY is not set
 # CONFIG_NETWORK_PHY_TIMESTAMPING is not set
 CONFIG_NETFILTER=y
@@ -779,6 +779,7 @@ CONFIG_NETFILTER_NETLINK_LOG=y
 CONFIG_NF_CONNTRACK=y
 CONFIG_NF_LOG_COMMON=y
 CONFIG_NF_CONNTRACK_MARK=y
+# CONFIG_NF_CONNTRACK_SECMARK is not set
 CONFIG_NF_CONNTRACK_PROCFS=y
 CONFIG_NF_CONNTRACK_EVENTS=y
 # CONFIG_NF_CONNTRACK_TIMEOUT is not set
@@ -824,7 +825,7 @@ CONFIG_NETFILTER_XT_CONNMARK=y
 #
 # Xtables targets
 #
-# CONFIG_NETFILTER_XT_TARGET_AUDIT is not set
+CONFIG_NETFILTER_XT_TARGET_AUDIT=y
 CONFIG_NETFILTER_XT_TARGET_CHECKSUM=y
 CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
 CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
@@ -846,6 +847,7 @@ CONFIG_NETFILTER_XT_TARGET_REDIRECT=y
 # CONFIG_NETFILTER_XT_TARGET_TEE is not set
 # CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
 # CONFIG_NETFILTER_XT_TARGET_TRACE is not set
+# CONFIG_NETFILTER_XT_TARGET_SECMARK is not set
 # CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
 # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
 
@@ -4333,6 +4335,7 @@ CONFIG_SECURITY_NETWORK=y
 # CONFIG_SECURITY_SELINUX is not set
 CONFIG_SECURITY_SMACK=y
 # CONFIG_SECURITY_SMACK_BRINGUP is not set
+CONFIG_SECURITY_SMACK_NETFILTER=y
 # CONFIG_SECURITY_SMACK_PERMISSIVE_MODE is not set
 # CONFIG_SECURITY_TOMOYO is not set
 # CONFIG_SECURITY_APPARMOR is not set
Domain: System / Kernel;