From: Lukasz Pawelczyk Date: Fri, 26 Jul 2019 14:25:22 +0000 (+0200) Subject: Enable kernel options required for security-manager iptables config X-Git-Tag: submit/tizen/20190910.123110^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fheads%2Faccepted%2Ftizen_5.5_unified_mobile_hotfix;p=sdk%2Femulator%2Femulator-kernel.git Enable kernel options required for security-manager iptables config security-manager is responsible for the internet privilage using iptables and the following functionalities are required: - iptables match owner - iptables logging - iptables limiting - corresponding IPV6 equivalents, incl conntrack Change-Id: I3ef34a69b8495f4ea0390de601b5623d55df6400 --- diff --git a/arch/x86/configs/tizen_emul_defconfig b/arch/x86/configs/tizen_emul_defconfig index 59f6a591b4c5..f782cacdd4b7 100644 --- a/arch/x86/configs/tizen_emul_defconfig +++ b/arch/x86/configs/tizen_emul_defconfig @@ -797,6 +797,7 @@ CONFIG_NETFILTER_NETLINK_ACCT=y CONFIG_NETFILTER_NETLINK_QUEUE=y CONFIG_NETFILTER_NETLINK_LOG=y CONFIG_NF_CONNTRACK=y +CONFIG_NF_LOG_COMMON=y # CONFIG_NF_CONNTRACK_MARK is not set CONFIG_NF_CONNTRACK_SECMARK=y CONFIG_NF_CONNTRACK_PROCFS=y @@ -955,7 +956,8 @@ CONFIG_NF_DEFRAG_IPV6=y CONFIG_NF_CONNTRACK_IPV6=y # CONFIG_NF_DUP_IPV6 is not set CONFIG_NF_REJECT_IPV6=y -# CONFIG_NF_LOG_IPV6 is not set +CONFIG_NF_LOG_IPV6=y +# CONFIG_NF_NAT_IPV6 is not set CONFIG_IP6_NF_IPTABLES=y # CONFIG_IP6_NF_MATCH_AH is not set # CONFIG_IP6_NF_MATCH_EUI64 is not set @@ -973,6 +975,7 @@ CONFIG_IP6_NF_TARGET_REJECT=y CONFIG_IP6_NF_MANGLE=y CONFIG_IP6_NF_RAW=y # CONFIG_IP6_NF_SECURITY is not set +# CONFIG_IP6_NF_NAT is not set # CONFIG_BRIDGE_NF_EBTABLES is not set # CONFIG_IP_DCCP is not set # CONFIG_IP_SCTP is not set