integrity: Enable IMA and related kconfig symbols (except on armel/marvell)
Closes: #788290 Based on advice from Matthew Garrett.
This commit is contained in:
parent
6771be1138
commit
f3c3de0f60
|
@ -343,6 +343,9 @@ linux (4.9.24-1) UNRELEASED; urgency=medium
|
||||||
* [x86] gpio: Enable GPIO_AMDPT as module
|
* [x86] gpio: Enable GPIO_AMDPT as module
|
||||||
* [x86] thermal: Enable INT3406_THERMAL as module
|
* [x86] thermal: Enable INT3406_THERMAL as module
|
||||||
* watchdog: Enable WATCHDOG_SYSFS
|
* watchdog: Enable WATCHDOG_SYSFS
|
||||||
|
* integrity: Enable IMA, IMA_DEFAULT_HASH_SHA256, IMA_APPRAISE,
|
||||||
|
IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY, IMA_BLACKLIST_KEYRING
|
||||||
|
(except on armel/marvell) (Closes: #788290)
|
||||||
|
|
||||||
[ Salvatore Bonaccorso ]
|
[ Salvatore Bonaccorso ]
|
||||||
* ping: implement proper locking (CVE-2017-2671)
|
* ping: implement proper locking (CVE-2017-2671)
|
||||||
|
|
|
@ -762,6 +762,11 @@ CONFIG_IPV6=m
|
||||||
##
|
##
|
||||||
# CONFIG_NET_MPLS_GSO is not set
|
# CONFIG_NET_MPLS_GSO is not set
|
||||||
|
|
||||||
|
##
|
||||||
|
## file: security/integrity/ima/Kconfig
|
||||||
|
##
|
||||||
|
# CONFIG_IMA is not set
|
||||||
|
|
||||||
##
|
##
|
||||||
## file: sound/soc/Kconfig
|
## file: sound/soc/Kconfig
|
||||||
##
|
##
|
||||||
|
|
|
@ -6909,6 +6909,7 @@ CONFIG_SECURITY_APPARMOR_HASH=y
|
||||||
##
|
##
|
||||||
CONFIG_INTEGRITY=y
|
CONFIG_INTEGRITY=y
|
||||||
# CONFIG_INTEGRITY_SIGNATURE is not set
|
# CONFIG_INTEGRITY_SIGNATURE is not set
|
||||||
|
CONFIG_INTEGRITY_TRUSTED_KEYRING=y
|
||||||
CONFIG_INTEGRITY_AUDIT=y
|
CONFIG_INTEGRITY_AUDIT=y
|
||||||
|
|
||||||
##
|
##
|
||||||
|
@ -6919,7 +6920,20 @@ CONFIG_INTEGRITY_AUDIT=y
|
||||||
##
|
##
|
||||||
## file: security/integrity/ima/Kconfig
|
## file: security/integrity/ima/Kconfig
|
||||||
##
|
##
|
||||||
# CONFIG_IMA is not set
|
CONFIG_IMA=y
|
||||||
|
## choice: Default integrity hash algorithm
|
||||||
|
# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
|
||||||
|
CONFIG_IMA_DEFAULT_HASH_SHA256=y
|
||||||
|
# CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
|
||||||
|
# CONFIG_IMA_DEFAULT_HASH_WP512 is not set
|
||||||
|
## end choice
|
||||||
|
# CONFIG_IMA_WRITE_POLICY is not set
|
||||||
|
# CONFIG_IMA_READ_POLICY is not set
|
||||||
|
CONFIG_IMA_APPRAISE=y
|
||||||
|
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
|
||||||
|
CONFIG_IMA_BLACKLIST_KEYRING=y
|
||||||
|
# CONFIG_IMA_LOAD_X509 is not set
|
||||||
|
# CONFIG_IMA_APPRAISE_SIGNED_INIT is not set
|
||||||
|
|
||||||
##
|
##
|
||||||
## file: security/keys/Kconfig
|
## file: security/keys/Kconfig
|
||||||
|
|
Loading…
Reference in New Issue