diff options
Diffstat (limited to '0004-DISABLEAUDIT.patch')
-rw-r--r-- | 0004-DISABLEAUDIT.patch | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/0004-DISABLEAUDIT.patch b/0004-DISABLEAUDIT.patch new file mode 100644 index 000000000000..3f769e0c15dd --- /dev/null +++ b/0004-DISABLEAUDIT.patch @@ -0,0 +1,78 @@ +--- .config 2021-04-16 00:11:30.430626876 +0800 ++++ .config 2021-04-16 00:13:01.212632338 +0800 +@@ -48,9 +48,8 @@ CONFIG_POSIX_MQUEUE_SYSCTL=y + CONFIG_WATCH_QUEUE=y + CONFIG_CROSS_MEMORY_ATTACH=y + CONFIG_USELIB=y +-CONFIG_AUDIT=y ++# CONFIG_AUDIT is not set + CONFIG_HAVE_ARCH_AUDITSYSCALL=y +-CONFIG_AUDITSYSCALL=y + + # + # IRQ subsystem +@@ -1351,7 +1350,6 @@ CONFIG_NETFILTER_XT_SET=m + # + # Xtables targets + # +-CONFIG_NETFILTER_XT_TARGET_AUDIT=m + CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m + CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m + CONFIG_NETFILTER_XT_TARGET_CONNMARK=m +@@ -10187,21 +10185,12 @@ CONFIG_SECURITY_INFINIBAND=y + CONFIG_SECURITY_NETWORK_XFRM=y + CONFIG_SECURITY_PATH=y + CONFIG_INTEL_TXT=y +-CONFIG_LSM_MMAP_MIN_ADDR=0 + CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y + CONFIG_HARDENED_USERCOPY=y + CONFIG_HARDENED_USERCOPY_FALLBACK=y + # CONFIG_HARDENED_USERCOPY_PAGESPAN is not set + CONFIG_FORTIFY_SOURCE=y + # CONFIG_STATIC_USERMODEHELPER is not set +-CONFIG_SECURITY_SELINUX=y +-CONFIG_SECURITY_SELINUX_BOOTPARAM=y +-# CONFIG_SECURITY_SELINUX_DISABLE is not set +-CONFIG_SECURITY_SELINUX_DEVELOP=y +-CONFIG_SECURITY_SELINUX_AVC_STATS=y +-CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 +-CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 +-CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256 + CONFIG_SECURITY_SMACK=y + # CONFIG_SECURITY_SMACK_BRINGUP is not set + CONFIG_SECURITY_SMACK_NETFILTER=y +@@ -10213,10 +10202,7 @@ CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=102 + CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init" + CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init" + # CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING is not set +-CONFIG_SECURITY_APPARMOR=y +-CONFIG_SECURITY_APPARMOR_HASH=y +-CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y +-# CONFIG_SECURITY_APPARMOR_DEBUG is not set ++# CONFIG_SECURITY_APPARMOR is not set + # CONFIG_SECURITY_LOADPIN is not set + CONFIG_SECURITY_YAMA=y + CONFIG_SECURITY_SAFESETID=y +@@ -10231,10 +10217,8 @@ CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y + CONFIG_INTEGRITY_TRUSTED_KEYRING=y + CONFIG_INTEGRITY_PLATFORM_KEYRING=y + CONFIG_LOAD_UEFI_KEYS=y +-CONFIG_INTEGRITY_AUDIT=y + CONFIG_IMA=y + CONFIG_IMA_MEASURE_PCR_IDX=10 +-CONFIG_IMA_LSM_RULES=y + # CONFIG_IMA_TEMPLATE is not set + CONFIG_IMA_NG_TEMPLATE=y + # CONFIG_IMA_SIG_TEMPLATE is not set +@@ -10262,10 +10246,8 @@ CONFIG_EVM_ATTR_FSUUID=y + CONFIG_EVM_EXTRA_SMACK_XATTRS=y + CONFIG_EVM_ADD_XATTRS=y + # CONFIG_EVM_LOAD_X509 is not set +-# CONFIG_DEFAULT_SECURITY_SELINUX is not set +-# CONFIG_DEFAULT_SECURITY_SMACK is not set ++CONFIG_DEFAULT_SECURITY_SMACK=y + # CONFIG_DEFAULT_SECURITY_TOMOYO is not set +-CONFIG_DEFAULT_SECURITY_APPARMOR=y + # CONFIG_DEFAULT_SECURITY_DAC is not set + CONFIG_LSM="lockdown,yama,integrity,apparmor" + |