projects / platform / kernel / linux-exynos.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f5bc994)
arm64: defconfig: tm2: enable SMACK and AUDIT options for NETFILTER 68/85468/1 accepted/tizen/common/20160829.140033 accepted/tizen/ivi/20160829.085252 accepted/tizen/mobile/20160829.085200 accepted/tizen/tv/20160829.085218 accepted/tizen/wearable/20160829.085240 submit/tizen/20160829.013616
authorSeung-Woo Kim <sw0312.kim@samsung.com>
Thu, 25 Aug 2016 08:16:03 +0000 (17:16 +0900)
committerSeung-Woo Kim <sw0312.kim@samsung.com>
Thu, 25 Aug 2016 08:17:02 +0000 (17:17 +0900)
To support security check of network packet from Tizen platform,
it is required to enable the configs for SMACK_NETFILTER dependent
on NETWORK_SECMARK and AUDIT of NETFILTER.

Change-Id: I684ce5771dbd6e52ee529ede647d36c6561e549e
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
arch/arm64/configs/tizen_tm2_defconfig patch | blob | history

diff --git a/arch/arm64/configs/tizen_tm2_defconfig b/arch/arm64/configs/tizen_tm2_defconfig
index 7978f81716c70892a48e6b19a9270a3d972f3a1b..dedc842212b01f75db0b2c3a5642aa9d365a2d22 100644 (file)
--- a/arch/arm64/configs/tizen_tm2_defconfig
+++ b/arch/arm64/configs/tizen_tm2_defconfig
@@ -607,7 +607,7 @@ CONFIG_IPV6_MULTIPLE_TABLES=y
 # CONFIG_IPV6_SUBTREES is not set
 # CONFIG_IPV6_MROUTE is not set
 CONFIG_NETLABEL=y
-# CONFIG_NETWORK_SECMARK is not set
+CONFIG_NETWORK_SECMARK=y
 # CONFIG_NET_PTP_CLASSIFY is not set
 # CONFIG_NETWORK_PHY_TIMESTAMPING is not set
 CONFIG_NETFILTER=y
@@ -625,6 +625,7 @@ CONFIG_NETFILTER_NETLINK_LOG=y
 CONFIG_NF_CONNTRACK=y
 CONFIG_NF_LOG_COMMON=y
 CONFIG_NF_CONNTRACK_MARK=y
+# CONFIG_NF_CONNTRACK_SECMARK is not set
 CONFIG_NF_CONNTRACK_PROCFS=y
 CONFIG_NF_CONNTRACK_EVENTS=y
 # CONFIG_NF_CONNTRACK_TIMEOUT is not set
@@ -686,7 +687,7 @@ CONFIG_NETFILTER_XT_CONNMARK=y
 #
 # Xtables targets
 #
-# CONFIG_NETFILTER_XT_TARGET_AUDIT is not set
+CONFIG_NETFILTER_XT_TARGET_AUDIT=y
 CONFIG_NETFILTER_XT_TARGET_CHECKSUM=y
 CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
 CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
@@ -708,6 +709,7 @@ CONFIG_NETFILTER_XT_TARGET_REDIRECT=y
 # CONFIG_NETFILTER_XT_TARGET_TEE is not set
 # CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
 # CONFIG_NETFILTER_XT_TARGET_TRACE is not set
+# CONFIG_NETFILTER_XT_TARGET_SECMARK is not set
 # CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
 # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
 
@@ -4485,6 +4487,7 @@ CONFIG_SECURITY_NETWORK=y
 # CONFIG_SECURITY_SELINUX is not set
 CONFIG_SECURITY_SMACK=y
 # CONFIG_SECURITY_SMACK_BRINGUP is not set
+CONFIG_SECURITY_SMACK_NETFILTER=y
 # CONFIG_SECURITY_SMACK_PERMISSIVE_MODE is not set
 # CONFIG_SECURITY_TOMOYO is not set
 # CONFIG_SECURITY_APPARMOR is not set
Domain: System / Kernel;