From 101e169884a4fbbcd11e200207d50eb437edf25e Mon Sep 17 00:00:00 2001 From: Seung-Woo Kim Date: Tue, 29 Aug 2017 14:56:16 +0900 Subject: [PATCH 1/1] ARM64: tizen_bcmrpi3_defconfig: enable SMACK_NETFILTER On Tizen, nether service is failed because security smack netfilter related configs are not enabled. So, enable related configs including CONFIG_NETWORK_SECMARK, and CONFIG_SECURITY_SMACK_NETFILTER and others. Change-Id: Ia886ba9d5dd9bc559633acf3066818e57551f8f4 Signed-off-by: Seung-Woo Kim --- arch/arm64/configs/tizen_bcmrpi3_defconfig | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/arch/arm64/configs/tizen_bcmrpi3_defconfig b/arch/arm64/configs/tizen_bcmrpi3_defconfig index f70408c..61d8066f 100644 --- a/arch/arm64/configs/tizen_bcmrpi3_defconfig +++ b/arch/arm64/configs/tizen_bcmrpi3_defconfig @@ -650,7 +650,7 @@ CONFIG_IPV6_MROUTE=y CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y CONFIG_IPV6_PIMSM_V2=y CONFIG_NETLABEL=y -# CONFIG_NETWORK_SECMARK is not set +CONFIG_NETWORK_SECMARK=y # CONFIG_NET_PTP_CLASSIFY is not set # CONFIG_NETWORK_PHY_TIMESTAMPING is not set CONFIG_NETFILTER=y @@ -662,11 +662,13 @@ CONFIG_BRIDGE_NETFILTER=y # Core Netfilter Configuration # CONFIG_NETFILTER_INGRESS=y +CONFIG_NETFILTER_NETLINK=y # CONFIG_NETFILTER_NETLINK_ACCT is not set -# CONFIG_NETFILTER_NETLINK_QUEUE is not set +CONFIG_NETFILTER_NETLINK_QUEUE=y # CONFIG_NETFILTER_NETLINK_LOG is not set CONFIG_NF_CONNTRACK=y -# CONFIG_NF_CONNTRACK_MARK is not set +CONFIG_NF_CONNTRACK_MARK=y +# CONFIG_NF_CONNTRACK_SECMARK is not set CONFIG_NF_CONNTRACK_PROCFS=y # CONFIG_NF_CONNTRACK_EVENTS is not set # CONFIG_NF_CONNTRACK_TIMEOUT is not set @@ -700,13 +702,13 @@ CONFIG_NETFILTER_XTABLES=y # # Xtables combined modules # -# CONFIG_NETFILTER_XT_MARK is not set -# CONFIG_NETFILTER_XT_CONNMARK is not set +CONFIG_NETFILTER_XT_MARK=y +CONFIG_NETFILTER_XT_CONNMARK=y # # Xtables targets # -# CONFIG_NETFILTER_XT_TARGET_AUDIT is not set +CONFIG_NETFILTER_XT_TARGET_AUDIT=y # CONFIG_NETFILTER_XT_TARGET_CLASSIFY is not set # CONFIG_NETFILTER_XT_TARGET_CONNMARK is not set # CONFIG_NETFILTER_XT_TARGET_HMARK is not set @@ -716,10 +718,11 @@ CONFIG_NETFILTER_XTABLES=y CONFIG_NETFILTER_XT_NAT=y # CONFIG_NETFILTER_XT_TARGET_NETMAP is not set # CONFIG_NETFILTER_XT_TARGET_NFLOG is not set -# CONFIG_NETFILTER_XT_TARGET_NFQUEUE is not set +CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y # CONFIG_NETFILTER_XT_TARGET_RATEEST is not set CONFIG_NETFILTER_XT_TARGET_REDIRECT=y # CONFIG_NETFILTER_XT_TARGET_TEE is not set +CONFIG_NETFILTER_XT_TARGET_SECMARK=y # CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set # @@ -753,6 +756,7 @@ CONFIG_NETFILTER_XT_TARGET_REDIRECT=y # CONFIG_NETFILTER_XT_MATCH_MARK is not set # CONFIG_NETFILTER_XT_MATCH_MULTIPORT is not set # CONFIG_NETFILTER_XT_MATCH_NFACCT is not set +# CONFIG_NETFILTER_XT_MATCH_OSF is not set # CONFIG_NETFILTER_XT_MATCH_OWNER is not set # CONFIG_NETFILTER_XT_MATCH_POLICY is not set # CONFIG_NETFILTER_XT_MATCH_PHYSDEV is not set @@ -919,6 +923,7 @@ CONFIG_NET_CLS_ACT=y # CONFIG_NET_ACT_CSUM is not set # CONFIG_NET_ACT_VLAN is not set # CONFIG_NET_ACT_BPF is not set +# CONFIG_NET_ACT_CONNMARK is not set # CONFIG_NET_ACT_SKBMOD is not set # CONFIG_NET_ACT_IFE is not set # CONFIG_NET_ACT_TUNNEL_KEY is not set @@ -3758,7 +3763,8 @@ CONFIG_HAVE_ARCH_HARDENED_USERCOPY=y # CONFIG_SECURITY_SELINUX is not set CONFIG_SECURITY_SMACK=y # CONFIG_SECURITY_SMACK_BRINGUP is not set -# CONFIG_SECURITY_SMACK_APPEND_SIGNALS is not set +CONFIG_SECURITY_SMACK_NETFILTER=y +CONFIG_SECURITY_SMACK_APPEND_SIGNALS=y # CONFIG_SECURITY_TOMOYO is not set # CONFIG_SECURITY_APPARMOR is not set # CONFIG_SECURITY_LOADPIN is not set -- 2.7.4