diff options
-rw-r--r-- | 0004-DISABLEAUDIT.patch | 78 | ||||
-rw-r--r-- | PKGBUILD | 8 |
2 files changed, 83 insertions, 3 deletions
diff --git a/0004-DISABLEAUDIT.patch b/0004-DISABLEAUDIT.patch new file mode 100644 index 000000000000..3f769e0c15dd --- /dev/null +++ b/0004-DISABLEAUDIT.patch @@ -0,0 +1,78 @@ +--- .config 2021-04-16 00:11:30.430626876 +0800 ++++ .config 2021-04-16 00:13:01.212632338 +0800 +@@ -48,9 +48,8 @@ CONFIG_POSIX_MQUEUE_SYSCTL=y + CONFIG_WATCH_QUEUE=y + CONFIG_CROSS_MEMORY_ATTACH=y + CONFIG_USELIB=y +-CONFIG_AUDIT=y ++# CONFIG_AUDIT is not set + CONFIG_HAVE_ARCH_AUDITSYSCALL=y +-CONFIG_AUDITSYSCALL=y + + # + # IRQ subsystem +@@ -1351,7 +1350,6 @@ CONFIG_NETFILTER_XT_SET=m + # + # Xtables targets + # +-CONFIG_NETFILTER_XT_TARGET_AUDIT=m + CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m + CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m + CONFIG_NETFILTER_XT_TARGET_CONNMARK=m +@@ -10187,21 +10185,12 @@ CONFIG_SECURITY_INFINIBAND=y + CONFIG_SECURITY_NETWORK_XFRM=y + CONFIG_SECURITY_PATH=y + CONFIG_INTEL_TXT=y +-CONFIG_LSM_MMAP_MIN_ADDR=0 + CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y + CONFIG_HARDENED_USERCOPY=y + CONFIG_HARDENED_USERCOPY_FALLBACK=y + # CONFIG_HARDENED_USERCOPY_PAGESPAN is not set + CONFIG_FORTIFY_SOURCE=y + # CONFIG_STATIC_USERMODEHELPER is not set +-CONFIG_SECURITY_SELINUX=y +-CONFIG_SECURITY_SELINUX_BOOTPARAM=y +-# CONFIG_SECURITY_SELINUX_DISABLE is not set +-CONFIG_SECURITY_SELINUX_DEVELOP=y +-CONFIG_SECURITY_SELINUX_AVC_STATS=y +-CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 +-CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 +-CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256 + CONFIG_SECURITY_SMACK=y + # CONFIG_SECURITY_SMACK_BRINGUP is not set + CONFIG_SECURITY_SMACK_NETFILTER=y +@@ -10213,10 +10202,7 @@ CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=102 + CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init" + CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init" + # CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING is not set +-CONFIG_SECURITY_APPARMOR=y +-CONFIG_SECURITY_APPARMOR_HASH=y +-CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y +-# CONFIG_SECURITY_APPARMOR_DEBUG is not set ++# CONFIG_SECURITY_APPARMOR is not set + # CONFIG_SECURITY_LOADPIN is not set + CONFIG_SECURITY_YAMA=y + CONFIG_SECURITY_SAFESETID=y +@@ -10231,10 +10217,8 @@ CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y + CONFIG_INTEGRITY_TRUSTED_KEYRING=y + CONFIG_INTEGRITY_PLATFORM_KEYRING=y + CONFIG_LOAD_UEFI_KEYS=y +-CONFIG_INTEGRITY_AUDIT=y + CONFIG_IMA=y + CONFIG_IMA_MEASURE_PCR_IDX=10 +-CONFIG_IMA_LSM_RULES=y + # CONFIG_IMA_TEMPLATE is not set + CONFIG_IMA_NG_TEMPLATE=y + # CONFIG_IMA_SIG_TEMPLATE is not set +@@ -10262,10 +10246,8 @@ CONFIG_EVM_ATTR_FSUUID=y + CONFIG_EVM_EXTRA_SMACK_XATTRS=y + CONFIG_EVM_ADD_XATTRS=y + # CONFIG_EVM_LOAD_X509 is not set +-# CONFIG_DEFAULT_SECURITY_SELINUX is not set +-# CONFIG_DEFAULT_SECURITY_SMACK is not set ++CONFIG_DEFAULT_SECURITY_SMACK=y + # CONFIG_DEFAULT_SECURITY_TOMOYO is not set +-CONFIG_DEFAULT_SECURITY_APPARMOR=y + # CONFIG_DEFAULT_SECURITY_DAC is not set + CONFIG_LSM="lockdown,yama,integrity,apparmor" + @@ -60,7 +60,7 @@ fi ### IMPORTANT: Do no edit below this line unless you know what you're doing pkgbase=linux-xanmod-cacule-uksm-cjktty -pkgver=5.11.14 +pkgver=5.11.15 _major=5.11 _branch=5.x xanmod=1 @@ -81,7 +81,8 @@ source=("https://cdn.kernel.org/pub/linux/kernel/v${_branch}/linux-${_major}.tar choose-gcc-optimization.sh 'sphinx-workaround.patch' '0002-UKSM.patch' - '0003-CJKTTY.patch::https://raw.githubusercontent.com/zhmars/cjktty-patches/master/v5.x/cjktty-5.11.patch') + '0003-CJKTTY.patch::https://raw.githubusercontent.com/zhmars/cjktty-patches/master/v5.x/cjktty-5.11.patch' + '0004-DISABLEAUDIT.patch') validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linux Torvalds '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman @@ -99,7 +100,8 @@ sha256sums=('04f07b54f0d40adfab02ee6cbd2a942c96728d87c1ef9e120d0cb9ba3fe067b4' 'e840e41f0f91108f63fd6e085c93b02daa78729268bc31be7be7fb355203e38a' '74339b8ad0ad99f08606c5de0dd3c38f502e29e5c6a78d6efbe656662edb8d73' 'f00a84fd382d63cd0d47d6fd8ef6c8608b1c83ff9d6dbdd32cb985898afbbf58' - '7d8375f80012443a6d507eaaa913a6c8e4d8b7789b2523cceef9c5214a7650c5') + '7d8375f80012443a6d507eaaa913a6c8e4d8b7789b2523cceef9c5214a7650c5' + 'd1278ce5e576b6aec5228152b97fde119c5cd2f4abd8b624403ad6fa64b6f79a') export KBUILD_BUILD_HOST=${KBUILD_BUILD_HOST:-archlinux} export KBUILD_BUILD_USER=${KBUILD_BUILD_USER:-makepkg} |