summarylogtreecommitdiffstats
path: root/0004-DISABLEAUDIT.patch
diff options
context:
space:
mode:
Diffstat (limited to '0004-DISABLEAUDIT.patch')
-rw-r--r--0004-DISABLEAUDIT.patch78
1 files changed, 78 insertions, 0 deletions
diff --git a/0004-DISABLEAUDIT.patch b/0004-DISABLEAUDIT.patch
new file mode 100644
index 000000000000..3f769e0c15dd
--- /dev/null
+++ b/0004-DISABLEAUDIT.patch
@@ -0,0 +1,78 @@
+--- .config 2021-04-16 00:11:30.430626876 +0800
++++ .config 2021-04-16 00:13:01.212632338 +0800
+@@ -48,9 +48,8 @@ CONFIG_POSIX_MQUEUE_SYSCTL=y
+ CONFIG_WATCH_QUEUE=y
+ CONFIG_CROSS_MEMORY_ATTACH=y
+ CONFIG_USELIB=y
+-CONFIG_AUDIT=y
++# CONFIG_AUDIT is not set
+ CONFIG_HAVE_ARCH_AUDITSYSCALL=y
+-CONFIG_AUDITSYSCALL=y
+
+ #
+ # IRQ subsystem
+@@ -1351,7 +1350,6 @@ CONFIG_NETFILTER_XT_SET=m
+ #
+ # Xtables targets
+ #
+-CONFIG_NETFILTER_XT_TARGET_AUDIT=m
+ CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
+ CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
+ CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
+@@ -10187,21 +10185,12 @@ CONFIG_SECURITY_INFINIBAND=y
+ CONFIG_SECURITY_NETWORK_XFRM=y
+ CONFIG_SECURITY_PATH=y
+ CONFIG_INTEL_TXT=y
+-CONFIG_LSM_MMAP_MIN_ADDR=0
+ CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
+ CONFIG_HARDENED_USERCOPY=y
+ CONFIG_HARDENED_USERCOPY_FALLBACK=y
+ # CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
+ CONFIG_FORTIFY_SOURCE=y
+ # CONFIG_STATIC_USERMODEHELPER is not set
+-CONFIG_SECURITY_SELINUX=y
+-CONFIG_SECURITY_SELINUX_BOOTPARAM=y
+-# CONFIG_SECURITY_SELINUX_DISABLE is not set
+-CONFIG_SECURITY_SELINUX_DEVELOP=y
+-CONFIG_SECURITY_SELINUX_AVC_STATS=y
+-CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
+-CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9
+-CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256
+ CONFIG_SECURITY_SMACK=y
+ # CONFIG_SECURITY_SMACK_BRINGUP is not set
+ CONFIG_SECURITY_SMACK_NETFILTER=y
+@@ -10213,10 +10202,7 @@ CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=102
+ CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init"
+ CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"
+ # CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING is not set
+-CONFIG_SECURITY_APPARMOR=y
+-CONFIG_SECURITY_APPARMOR_HASH=y
+-CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
+-# CONFIG_SECURITY_APPARMOR_DEBUG is not set
++# CONFIG_SECURITY_APPARMOR is not set
+ # CONFIG_SECURITY_LOADPIN is not set
+ CONFIG_SECURITY_YAMA=y
+ CONFIG_SECURITY_SAFESETID=y
+@@ -10231,10 +10217,8 @@ CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
+ CONFIG_INTEGRITY_TRUSTED_KEYRING=y
+ CONFIG_INTEGRITY_PLATFORM_KEYRING=y
+ CONFIG_LOAD_UEFI_KEYS=y
+-CONFIG_INTEGRITY_AUDIT=y
+ CONFIG_IMA=y
+ CONFIG_IMA_MEASURE_PCR_IDX=10
+-CONFIG_IMA_LSM_RULES=y
+ # CONFIG_IMA_TEMPLATE is not set
+ CONFIG_IMA_NG_TEMPLATE=y
+ # CONFIG_IMA_SIG_TEMPLATE is not set
+@@ -10262,10 +10246,8 @@ CONFIG_EVM_ATTR_FSUUID=y
+ CONFIG_EVM_EXTRA_SMACK_XATTRS=y
+ CONFIG_EVM_ADD_XATTRS=y
+ # CONFIG_EVM_LOAD_X509 is not set
+-# CONFIG_DEFAULT_SECURITY_SELINUX is not set
+-# CONFIG_DEFAULT_SECURITY_SMACK is not set
++CONFIG_DEFAULT_SECURITY_SMACK=y
+ # CONFIG_DEFAULT_SECURITY_TOMOYO is not set
+-CONFIG_DEFAULT_SECURITY_APPARMOR=y
+ # CONFIG_DEFAULT_SECURITY_DAC is not set
+ CONFIG_LSM="lockdown,yama,integrity,apparmor"
+