From: Seung-Woo Kim <sw0312.kim@samsung.com>
Date: Thu, 25 Aug 2016 08:16:03 +0000 (+0900)
Subject: arm64: defconfig: tm2: enable SMACK and AUDIT options for NETFILTER
X-Git-Tag: submit/tizen/20160829.013616^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=ffbe05a636f0942de153e9bccbeced4b644c1768;p=platform%2Fkernel%2Flinux-exynos.git

arm64: defconfig: tm2: enable SMACK and AUDIT options for NETFILTER

To support security check of network packet from Tizen platform,
it is required to enable the configs for SMACK_NETFILTER dependent
on NETWORK_SECMARK and AUDIT of NETFILTER.

Change-Id: I684ce5771dbd6e52ee529ede647d36c6561e549e
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
---

diff --git a/arch/arm64/configs/tizen_tm2_defconfig b/arch/arm64/configs/tizen_tm2_defconfig
index 7978f81716c7..dedc842212b0 100644
--- a/arch/arm64/configs/tizen_tm2_defconfig
+++ b/arch/arm64/configs/tizen_tm2_defconfig
@@ -607,7 +607,7 @@ CONFIG_IPV6_MULTIPLE_TABLES=y
 # CONFIG_IPV6_SUBTREES is not set
 # CONFIG_IPV6_MROUTE is not set
 CONFIG_NETLABEL=y
-# CONFIG_NETWORK_SECMARK is not set
+CONFIG_NETWORK_SECMARK=y
 # CONFIG_NET_PTP_CLASSIFY is not set
 # CONFIG_NETWORK_PHY_TIMESTAMPING is not set
 CONFIG_NETFILTER=y
@@ -625,6 +625,7 @@ CONFIG_NETFILTER_NETLINK_LOG=y
 CONFIG_NF_CONNTRACK=y
 CONFIG_NF_LOG_COMMON=y
 CONFIG_NF_CONNTRACK_MARK=y
+# CONFIG_NF_CONNTRACK_SECMARK is not set
 CONFIG_NF_CONNTRACK_PROCFS=y
 CONFIG_NF_CONNTRACK_EVENTS=y
 # CONFIG_NF_CONNTRACK_TIMEOUT is not set
@@ -686,7 +687,7 @@ CONFIG_NETFILTER_XT_CONNMARK=y
 #
 # Xtables targets
 #
-# CONFIG_NETFILTER_XT_TARGET_AUDIT is not set
+CONFIG_NETFILTER_XT_TARGET_AUDIT=y
 CONFIG_NETFILTER_XT_TARGET_CHECKSUM=y
 CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
 CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
@@ -708,6 +709,7 @@ CONFIG_NETFILTER_XT_TARGET_REDIRECT=y
 # CONFIG_NETFILTER_XT_TARGET_TEE is not set
 # CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
 # CONFIG_NETFILTER_XT_TARGET_TRACE is not set
+# CONFIG_NETFILTER_XT_TARGET_SECMARK is not set
 # CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
 # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
 
@@ -4485,6 +4487,7 @@ CONFIG_SECURITY_NETWORK=y
 # CONFIG_SECURITY_SELINUX is not set
 CONFIG_SECURITY_SMACK=y
 # CONFIG_SECURITY_SMACK_BRINGUP is not set
+CONFIG_SECURITY_SMACK_NETFILTER=y
 # CONFIG_SECURITY_SMACK_PERMISSIVE_MODE is not set
 # CONFIG_SECURITY_TOMOYO is not set
 # CONFIG_SECURITY_APPARMOR is not set