From 21046cd99edfd15ab8537604dfa80bd0db3511c1 Mon Sep 17 00:00:00 2001 From: "Justin M. Forbes" Date: Wed, 23 Oct 2024 09:13:56 -0600 Subject: [PATCH] kernel-6.12.0-0.rc4.20241023gitc2ee9f594da8.41 * Wed Oct 23 2024 Fedora Kernel Team [6.12.0-0.rc4.c2ee9f594da8.41] - tools/rtla: fix collision with glibc sched_attr/sched_set_attr (Jan Stancek) - tools/rtla: drop __NR_sched_getattr (Jan Stancek) Resolves: Signed-off-by: Justin M. Forbes --- Makefile.rhelver | 2 +- Patchlist.changelog | 8 ++++---- kernel-aarch64-16k-debug-fedora.config | 18 ++++++++++++++---- kernel-aarch64-16k-fedora.config | 18 ++++++++++++++---- kernel-aarch64-64k-debug-rhel.config | 2 +- kernel-aarch64-64k-rhel.config | 2 +- kernel-aarch64-debug-fedora.config | 18 ++++++++++++++---- kernel-aarch64-debug-rhel.config | 2 +- kernel-aarch64-fedora.config | 18 ++++++++++++++---- kernel-aarch64-rhel.config | 2 +- kernel-aarch64-rt-debug-rhel.config | 2 +- kernel-aarch64-rt-rhel.config | 2 +- kernel-ppc64le-debug-fedora.config | 18 ++++++++++++++---- kernel-ppc64le-debug-rhel.config | 2 +- kernel-ppc64le-fedora.config | 18 ++++++++++++++---- kernel-ppc64le-rhel.config | 2 +- kernel-riscv64-debug-fedora.config | 18 ++++++++++++++---- kernel-riscv64-fedora.config | 18 ++++++++++++++---- kernel-s390x-debug-fedora.config | 16 +++++++++++++--- kernel-s390x-debug-rhel.config | 2 +- kernel-s390x-fedora.config | 16 +++++++++++++--- kernel-s390x-rhel.config | 2 +- kernel-s390x-zfcpdump-rhel.config | 2 +- kernel-x86_64-debug-fedora.config | 18 ++++++++++++++---- kernel-x86_64-debug-rhel.config | 2 +- kernel-x86_64-fedora.config | 18 ++++++++++++++---- kernel-x86_64-rhel.config | 2 +- kernel-x86_64-rt-debug-rhel.config | 2 +- kernel-x86_64-rt-rhel.config | 2 +- kernel.changelog | 8 +++++++- kernel.spec | 11 ++++++++--- sources | 4 ++-- 32 files changed, 203 insertions(+), 72 deletions(-) diff --git a/Makefile.rhelver b/Makefile.rhelver index 3c64ec952..8bdbd5dd1 100644 --- a/Makefile.rhelver +++ b/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 99 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 40 +RHEL_RELEASE = 41 # # RHEL_REBASE_NUM diff --git a/Patchlist.changelog b/Patchlist.changelog index aa5026b5b..c76a062f3 100644 --- a/Patchlist.changelog +++ b/Patchlist.changelog @@ -1,8 +1,8 @@ -https://gitlab.com/cki-project/kernel-ark/-/commit/4959997c1dfddf0784e0ddb421b0ff735b52ab4b - 4959997c1dfddf0784e0ddb421b0ff735b52ab4b tools/rtla: fix collision with glibc sched_attr/sched_set_attr +https://gitlab.com/cki-project/kernel-ark/-/commit/51cc66d01df3c5337af9a4beb655c521a9383654 + 51cc66d01df3c5337af9a4beb655c521a9383654 tools/rtla: fix collision with glibc sched_attr/sched_set_attr -https://gitlab.com/cki-project/kernel-ark/-/commit/2a59126675f7e7f4b1b976da8a1e88cf04dfd9e1 - 2a59126675f7e7f4b1b976da8a1e88cf04dfd9e1 tools/rtla: drop __NR_sched_getattr +https://gitlab.com/cki-project/kernel-ark/-/commit/947f2dda0a61511bb7d39d8143d8cc2f2b007db6 + 947f2dda0a61511bb7d39d8143d8cc2f2b007db6 tools/rtla: drop __NR_sched_getattr https://gitlab.com/cki-project/kernel-ark/-/commit/77e6d045cb6220934aef9b192b291466fd205d21 77e6d045cb6220934aef9b192b291466fd205d21 Revert "Merge branch 'drop_engine_api' into 'os-build'" diff --git a/kernel-aarch64-16k-debug-fedora.config b/kernel-aarch64-16k-debug-fedora.config index 8c504c4c3..ef000aba0 100644 --- a/kernel-aarch64-16k-debug-fedora.config +++ b/kernel-aarch64-16k-debug-fedora.config @@ -1864,6 +1864,7 @@ CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 # CONFIG_DEFAULT_RENO is not set # CONFIG_DEFAULT_SECURITY_DAC is not set CONFIG_DEFAULT_SECURITY_SELINUX=y +# CONFIG_DEFAULT_SECURITY_TOMOYO is not set # CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set CONFIG_DETECT_HUNG_TASK=y CONFIG_DEV_DAX_CXL=m @@ -3704,6 +3705,9 @@ CONFIG_IP6_NF_TARGET_SYNPROXY=m CONFIG_IP_ADVANCED_ROUTER=y CONFIG_IPC_NS=y # CONFIG_IP_DCCP is not set +CONFIG_IPE_BOOT_POLICY="" +CONFIG_IPE_POLICY_SIG_PLATFORM_KEYRING=y +CONFIG_IPE_POLICY_SIG_SECONDARY_KEYRING=y CONFIG_IP_FIB_TRIE_STATS=y CONFIG_IPMB_DEVICE_INTERFACE=m CONFIG_IPMI_DEVICE_INTERFACE=m @@ -4277,7 +4281,7 @@ CONFIG_LRU_GEN_ENABLED=y # CONFIG_LRU_GEN_STATS is not set CONFIG_LRU_GEN=y CONFIG_LSI_ET1011C_PHY=m -CONFIG_LSM="lockdown,yama,integrity,selinux,bpf,landlock" +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf,landlock,ipe" CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_LTC1660=m # CONFIG_LTC2309 is not set @@ -5578,7 +5582,7 @@ CONFIG_NFT_TPROXY=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_XFRM=m CONFIG_NGBE=m -CONFIG_N_GSM=m +# CONFIG_N_GSM is not set CONFIG_N_HDLC=m # CONFIG_NI903X_WDT is not set CONFIG_NILFS2_FS=m @@ -7310,7 +7314,7 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y CONFIG_SECURITY_DMESG_RESTRICT=y CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y -# CONFIG_SECURITY_IPE is not set +CONFIG_SECURITY_IPE=y CONFIG_SECURITY_LANDLOCK=y # CONFIG_SECURITY_LOADPIN is not set CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y @@ -7329,7 +7333,13 @@ CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256 CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 CONFIG_SECURITY_SELINUX=y # CONFIG_SECURITY_SMACK is not set -# CONFIG_SECURITY_TOMOYO is not set +CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/usr/lib/systemd/systemd" +# CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING is not set +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048 +CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024 +# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set +CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init" +CONFIG_SECURITY_TOMOYO=y CONFIG_SECURITY=y CONFIG_SECURITY_YAMA=y # CONFIG_SEG_LED_GPIO is not set diff --git a/kernel-aarch64-16k-fedora.config b/kernel-aarch64-16k-fedora.config index 6eaac4cb3..722046cc9 100644 --- a/kernel-aarch64-16k-fedora.config +++ b/kernel-aarch64-16k-fedora.config @@ -1856,6 +1856,7 @@ CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 # CONFIG_DEFAULT_RENO is not set # CONFIG_DEFAULT_SECURITY_DAC is not set CONFIG_DEFAULT_SECURITY_SELINUX=y +# CONFIG_DEFAULT_SECURITY_TOMOYO is not set # CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set # CONFIG_DETECT_HUNG_TASK is not set CONFIG_DEV_DAX_CXL=m @@ -3687,6 +3688,9 @@ CONFIG_IP6_NF_TARGET_SYNPROXY=m CONFIG_IP_ADVANCED_ROUTER=y CONFIG_IPC_NS=y # CONFIG_IP_DCCP is not set +CONFIG_IPE_BOOT_POLICY="" +CONFIG_IPE_POLICY_SIG_PLATFORM_KEYRING=y +CONFIG_IPE_POLICY_SIG_SECONDARY_KEYRING=y CONFIG_IP_FIB_TRIE_STATS=y CONFIG_IPMB_DEVICE_INTERFACE=m CONFIG_IPMI_DEVICE_INTERFACE=m @@ -4253,7 +4257,7 @@ CONFIG_LRU_GEN_ENABLED=y # CONFIG_LRU_GEN_STATS is not set CONFIG_LRU_GEN=y CONFIG_LSI_ET1011C_PHY=m -CONFIG_LSM="lockdown,yama,integrity,selinux,bpf,landlock" +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf,landlock,ipe" CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_LTC1660=m # CONFIG_LTC2309 is not set @@ -5552,7 +5556,7 @@ CONFIG_NFT_TPROXY=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_XFRM=m CONFIG_NGBE=m -CONFIG_N_GSM=m +# CONFIG_N_GSM is not set CONFIG_N_HDLC=m # CONFIG_NI903X_WDT is not set CONFIG_NILFS2_FS=m @@ -7283,7 +7287,7 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y CONFIG_SECURITY_DMESG_RESTRICT=y CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y -# CONFIG_SECURITY_IPE is not set +CONFIG_SECURITY_IPE=y CONFIG_SECURITY_LANDLOCK=y # CONFIG_SECURITY_LOADPIN is not set CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y @@ -7302,7 +7306,13 @@ CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256 CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 CONFIG_SECURITY_SELINUX=y # CONFIG_SECURITY_SMACK is not set -# CONFIG_SECURITY_TOMOYO is not set +CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/usr/lib/systemd/systemd" +# CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING is not set +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048 +CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024 +# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set +CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init" +CONFIG_SECURITY_TOMOYO=y CONFIG_SECURITY=y CONFIG_SECURITY_YAMA=y # CONFIG_SEG_LED_GPIO is not set diff --git a/kernel-aarch64-64k-debug-rhel.config b/kernel-aarch64-64k-debug-rhel.config index c09dfb421..42852d564 100644 --- a/kernel-aarch64-64k-debug-rhel.config +++ b/kernel-aarch64-64k-debug-rhel.config @@ -4588,7 +4588,7 @@ CONFIG_NFT_SYNPROXY=m CONFIG_NFT_TPROXY=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_XFRM=m -CONFIG_N_GSM=m +# CONFIG_N_GSM is not set CONFIG_N_HDLC=m # CONFIG_NI903X_WDT is not set # CONFIG_NIC7018_WDT is not set diff --git a/kernel-aarch64-64k-rhel.config b/kernel-aarch64-64k-rhel.config index d22add2c7..3a5ccd7e8 100644 --- a/kernel-aarch64-64k-rhel.config +++ b/kernel-aarch64-64k-rhel.config @@ -4567,7 +4567,7 @@ CONFIG_NFT_SYNPROXY=m CONFIG_NFT_TPROXY=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_XFRM=m -CONFIG_N_GSM=m +# CONFIG_N_GSM is not set CONFIG_N_HDLC=m # CONFIG_NI903X_WDT is not set # CONFIG_NIC7018_WDT is not set diff --git a/kernel-aarch64-debug-fedora.config b/kernel-aarch64-debug-fedora.config index 1a0ce6d5f..19ca3aaf4 100644 --- a/kernel-aarch64-debug-fedora.config +++ b/kernel-aarch64-debug-fedora.config @@ -1864,6 +1864,7 @@ CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 # CONFIG_DEFAULT_RENO is not set # CONFIG_DEFAULT_SECURITY_DAC is not set CONFIG_DEFAULT_SECURITY_SELINUX=y +# CONFIG_DEFAULT_SECURITY_TOMOYO is not set # CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set CONFIG_DETECT_HUNG_TASK=y CONFIG_DEV_DAX_CXL=m @@ -3704,6 +3705,9 @@ CONFIG_IP6_NF_TARGET_SYNPROXY=m CONFIG_IP_ADVANCED_ROUTER=y CONFIG_IPC_NS=y # CONFIG_IP_DCCP is not set +CONFIG_IPE_BOOT_POLICY="" +CONFIG_IPE_POLICY_SIG_PLATFORM_KEYRING=y +CONFIG_IPE_POLICY_SIG_SECONDARY_KEYRING=y CONFIG_IP_FIB_TRIE_STATS=y CONFIG_IPMB_DEVICE_INTERFACE=m CONFIG_IPMI_DEVICE_INTERFACE=m @@ -4277,7 +4281,7 @@ CONFIG_LRU_GEN_ENABLED=y # CONFIG_LRU_GEN_STATS is not set CONFIG_LRU_GEN=y CONFIG_LSI_ET1011C_PHY=m -CONFIG_LSM="lockdown,yama,integrity,selinux,bpf,landlock" +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf,landlock,ipe" CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_LTC1660=m # CONFIG_LTC2309 is not set @@ -5578,7 +5582,7 @@ CONFIG_NFT_TPROXY=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_XFRM=m CONFIG_NGBE=m -CONFIG_N_GSM=m +# CONFIG_N_GSM is not set CONFIG_N_HDLC=m # CONFIG_NI903X_WDT is not set CONFIG_NILFS2_FS=m @@ -7309,7 +7313,7 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y CONFIG_SECURITY_DMESG_RESTRICT=y CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y -# CONFIG_SECURITY_IPE is not set +CONFIG_SECURITY_IPE=y CONFIG_SECURITY_LANDLOCK=y # CONFIG_SECURITY_LOADPIN is not set CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y @@ -7328,7 +7332,13 @@ CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256 CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 CONFIG_SECURITY_SELINUX=y # CONFIG_SECURITY_SMACK is not set -# CONFIG_SECURITY_TOMOYO is not set +CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/usr/lib/systemd/systemd" +# CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING is not set +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048 +CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024 +# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set +CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init" +CONFIG_SECURITY_TOMOYO=y CONFIG_SECURITY=y CONFIG_SECURITY_YAMA=y # CONFIG_SEG_LED_GPIO is not set diff --git a/kernel-aarch64-debug-rhel.config b/kernel-aarch64-debug-rhel.config index 0adbb1e6f..2a5b9b5f6 100644 --- a/kernel-aarch64-debug-rhel.config +++ b/kernel-aarch64-debug-rhel.config @@ -4585,7 +4585,7 @@ CONFIG_NFT_SYNPROXY=m CONFIG_NFT_TPROXY=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_XFRM=m -CONFIG_N_GSM=m +# CONFIG_N_GSM is not set CONFIG_N_HDLC=m # CONFIG_NI903X_WDT is not set # CONFIG_NIC7018_WDT is not set diff --git a/kernel-aarch64-fedora.config b/kernel-aarch64-fedora.config index 068e82dbd..c1a20a474 100644 --- a/kernel-aarch64-fedora.config +++ b/kernel-aarch64-fedora.config @@ -1856,6 +1856,7 @@ CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 # CONFIG_DEFAULT_RENO is not set # CONFIG_DEFAULT_SECURITY_DAC is not set CONFIG_DEFAULT_SECURITY_SELINUX=y +# CONFIG_DEFAULT_SECURITY_TOMOYO is not set # CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set # CONFIG_DETECT_HUNG_TASK is not set CONFIG_DEV_DAX_CXL=m @@ -3687,6 +3688,9 @@ CONFIG_IP6_NF_TARGET_SYNPROXY=m CONFIG_IP_ADVANCED_ROUTER=y CONFIG_IPC_NS=y # CONFIG_IP_DCCP is not set +CONFIG_IPE_BOOT_POLICY="" +CONFIG_IPE_POLICY_SIG_PLATFORM_KEYRING=y +CONFIG_IPE_POLICY_SIG_SECONDARY_KEYRING=y CONFIG_IP_FIB_TRIE_STATS=y CONFIG_IPMB_DEVICE_INTERFACE=m CONFIG_IPMI_DEVICE_INTERFACE=m @@ -4253,7 +4257,7 @@ CONFIG_LRU_GEN_ENABLED=y # CONFIG_LRU_GEN_STATS is not set CONFIG_LRU_GEN=y CONFIG_LSI_ET1011C_PHY=m -CONFIG_LSM="lockdown,yama,integrity,selinux,bpf,landlock" +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf,landlock,ipe" CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_LTC1660=m # CONFIG_LTC2309 is not set @@ -5552,7 +5556,7 @@ CONFIG_NFT_TPROXY=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_XFRM=m CONFIG_NGBE=m -CONFIG_N_GSM=m +# CONFIG_N_GSM is not set CONFIG_N_HDLC=m # CONFIG_NI903X_WDT is not set CONFIG_NILFS2_FS=m @@ -7282,7 +7286,7 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y CONFIG_SECURITY_DMESG_RESTRICT=y CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y -# CONFIG_SECURITY_IPE is not set +CONFIG_SECURITY_IPE=y CONFIG_SECURITY_LANDLOCK=y # CONFIG_SECURITY_LOADPIN is not set CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y @@ -7301,7 +7305,13 @@ CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256 CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 CONFIG_SECURITY_SELINUX=y # CONFIG_SECURITY_SMACK is not set -# CONFIG_SECURITY_TOMOYO is not set +CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/usr/lib/systemd/systemd" +# CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING is not set +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048 +CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024 +# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set +CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init" +CONFIG_SECURITY_TOMOYO=y CONFIG_SECURITY=y CONFIG_SECURITY_YAMA=y # CONFIG_SEG_LED_GPIO is not set diff --git a/kernel-aarch64-rhel.config b/kernel-aarch64-rhel.config index 1eea2b305..c78fb10ae 100644 --- a/kernel-aarch64-rhel.config +++ b/kernel-aarch64-rhel.config @@ -4564,7 +4564,7 @@ CONFIG_NFT_SYNPROXY=m CONFIG_NFT_TPROXY=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_XFRM=m -CONFIG_N_GSM=m +# CONFIG_N_GSM is not set CONFIG_N_HDLC=m # CONFIG_NI903X_WDT is not set # CONFIG_NIC7018_WDT is not set diff --git a/kernel-aarch64-rt-debug-rhel.config b/kernel-aarch64-rt-debug-rhel.config index b51cd1fd4..47743ac16 100644 --- a/kernel-aarch64-rt-debug-rhel.config +++ b/kernel-aarch64-rt-debug-rhel.config @@ -4626,7 +4626,7 @@ CONFIG_NFT_SYNPROXY=m CONFIG_NFT_TPROXY=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_XFRM=m -CONFIG_N_GSM=m +# CONFIG_N_GSM is not set CONFIG_N_HDLC=m # CONFIG_NI903X_WDT is not set # CONFIG_NIC7018_WDT is not set diff --git a/kernel-aarch64-rt-rhel.config b/kernel-aarch64-rt-rhel.config index 4578ed98d..f8f02f13a 100644 --- a/kernel-aarch64-rt-rhel.config +++ b/kernel-aarch64-rt-rhel.config @@ -4605,7 +4605,7 @@ CONFIG_NFT_SYNPROXY=m CONFIG_NFT_TPROXY=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_XFRM=m -CONFIG_N_GSM=m +# CONFIG_N_GSM is not set CONFIG_N_HDLC=m # CONFIG_NI903X_WDT is not set # CONFIG_NIC7018_WDT is not set diff --git a/kernel-ppc64le-debug-fedora.config b/kernel-ppc64le-debug-fedora.config index 2f93ab2d6..1a805f082 100644 --- a/kernel-ppc64le-debug-fedora.config +++ b/kernel-ppc64le-debug-fedora.config @@ -1382,6 +1382,7 @@ CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 # CONFIG_DEFAULT_RENO is not set # CONFIG_DEFAULT_SECURITY_DAC is not set CONFIG_DEFAULT_SECURITY_SELINUX=y +# CONFIG_DEFAULT_SECURITY_TOMOYO is not set # CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set CONFIG_DETECT_HUNG_TASK=y CONFIG_DEV_DAX_CXL=m @@ -2945,6 +2946,9 @@ CONFIG_IP6_NF_TARGET_SYNPROXY=m CONFIG_IP_ADVANCED_ROUTER=y CONFIG_IPC_NS=y # CONFIG_IP_DCCP is not set +CONFIG_IPE_BOOT_POLICY="" +CONFIG_IPE_POLICY_SIG_PLATFORM_KEYRING=y +CONFIG_IPE_POLICY_SIG_SECONDARY_KEYRING=y CONFIG_IP_FIB_TRIE_STATS=y # CONFIG_IPMB_DEVICE_INTERFACE is not set CONFIG_IPMI_DEVICE_INTERFACE=m @@ -3492,7 +3496,7 @@ CONFIG_LRU_GEN_ENABLED=y # CONFIG_LRU_GEN_STATS is not set CONFIG_LRU_GEN=y CONFIG_LSI_ET1011C_PHY=m -CONFIG_LSM="lockdown,yama,integrity,selinux,bpf,landlock" +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf,landlock,ipe" CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_LTC1660=m # CONFIG_LTC2309 is not set @@ -4674,7 +4678,7 @@ CONFIG_NFT_TPROXY=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_XFRM=m CONFIG_NGBE=m -CONFIG_N_GSM=m +# CONFIG_N_GSM is not set CONFIG_N_HDLC=m # CONFIG_NI903X_WDT is not set CONFIG_NILFS2_FS=m @@ -5938,7 +5942,7 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y CONFIG_SECURITY_DMESG_RESTRICT=y CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y -# CONFIG_SECURITY_IPE is not set +CONFIG_SECURITY_IPE=y CONFIG_SECURITY_LANDLOCK=y # CONFIG_SECURITY_LOADPIN is not set CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y @@ -5957,7 +5961,13 @@ CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256 CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 CONFIG_SECURITY_SELINUX=y # CONFIG_SECURITY_SMACK is not set -# CONFIG_SECURITY_TOMOYO is not set +CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/usr/lib/systemd/systemd" +# CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING is not set +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048 +CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024 +# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set +CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init" +CONFIG_SECURITY_TOMOYO=y CONFIG_SECURITY=y CONFIG_SECURITY_YAMA=y # CONFIG_SEG_LED_GPIO is not set diff --git a/kernel-ppc64le-debug-rhel.config b/kernel-ppc64le-debug-rhel.config index 3516112e2..a71603a6e 100644 --- a/kernel-ppc64le-debug-rhel.config +++ b/kernel-ppc64le-debug-rhel.config @@ -4220,7 +4220,7 @@ CONFIG_NFT_SYNPROXY=m CONFIG_NFT_TPROXY=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_XFRM=m -CONFIG_N_GSM=m +# CONFIG_N_GSM is not set CONFIG_N_HDLC=m # CONFIG_NI903X_WDT is not set # CONFIG_NIC7018_WDT is not set diff --git a/kernel-ppc64le-fedora.config b/kernel-ppc64le-fedora.config index e6d33aecd..16ee05620 100644 --- a/kernel-ppc64le-fedora.config +++ b/kernel-ppc64le-fedora.config @@ -1373,6 +1373,7 @@ CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 # CONFIG_DEFAULT_RENO is not set # CONFIG_DEFAULT_SECURITY_DAC is not set CONFIG_DEFAULT_SECURITY_SELINUX=y +# CONFIG_DEFAULT_SECURITY_TOMOYO is not set # CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set # CONFIG_DETECT_HUNG_TASK is not set CONFIG_DEV_DAX_CXL=m @@ -2926,6 +2927,9 @@ CONFIG_IP6_NF_TARGET_SYNPROXY=m CONFIG_IP_ADVANCED_ROUTER=y CONFIG_IPC_NS=y # CONFIG_IP_DCCP is not set +CONFIG_IPE_BOOT_POLICY="" +CONFIG_IPE_POLICY_SIG_PLATFORM_KEYRING=y +CONFIG_IPE_POLICY_SIG_SECONDARY_KEYRING=y CONFIG_IP_FIB_TRIE_STATS=y # CONFIG_IPMB_DEVICE_INTERFACE is not set CONFIG_IPMI_DEVICE_INTERFACE=m @@ -3467,7 +3471,7 @@ CONFIG_LRU_GEN_ENABLED=y # CONFIG_LRU_GEN_STATS is not set CONFIG_LRU_GEN=y CONFIG_LSI_ET1011C_PHY=m -CONFIG_LSM="lockdown,yama,integrity,selinux,bpf,landlock" +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf,landlock,ipe" CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_LTC1660=m # CONFIG_LTC2309 is not set @@ -4647,7 +4651,7 @@ CONFIG_NFT_TPROXY=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_XFRM=m CONFIG_NGBE=m -CONFIG_N_GSM=m +# CONFIG_N_GSM is not set CONFIG_N_HDLC=m # CONFIG_NI903X_WDT is not set CONFIG_NILFS2_FS=m @@ -5910,7 +5914,7 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y CONFIG_SECURITY_DMESG_RESTRICT=y CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y -# CONFIG_SECURITY_IPE is not set +CONFIG_SECURITY_IPE=y CONFIG_SECURITY_LANDLOCK=y # CONFIG_SECURITY_LOADPIN is not set CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y @@ -5929,7 +5933,13 @@ CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256 CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 CONFIG_SECURITY_SELINUX=y # CONFIG_SECURITY_SMACK is not set -# CONFIG_SECURITY_TOMOYO is not set +CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/usr/lib/systemd/systemd" +# CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING is not set +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048 +CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024 +# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set +CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init" +CONFIG_SECURITY_TOMOYO=y CONFIG_SECURITY=y CONFIG_SECURITY_YAMA=y # CONFIG_SEG_LED_GPIO is not set diff --git a/kernel-ppc64le-rhel.config b/kernel-ppc64le-rhel.config index 04c1ef2cb..a85f3e202 100644 --- a/kernel-ppc64le-rhel.config +++ b/kernel-ppc64le-rhel.config @@ -4200,7 +4200,7 @@ CONFIG_NFT_SYNPROXY=m CONFIG_NFT_TPROXY=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_XFRM=m -CONFIG_N_GSM=m +# CONFIG_N_GSM is not set CONFIG_N_HDLC=m # CONFIG_NI903X_WDT is not set # CONFIG_NIC7018_WDT is not set diff --git a/kernel-riscv64-debug-fedora.config b/kernel-riscv64-debug-fedora.config index c9d9c4b5a..f69c918de 100644 --- a/kernel-riscv64-debug-fedora.config +++ b/kernel-riscv64-debug-fedora.config @@ -1407,6 +1407,7 @@ CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 # CONFIG_DEFAULT_RENO is not set # CONFIG_DEFAULT_SECURITY_DAC is not set CONFIG_DEFAULT_SECURITY_SELINUX=y +# CONFIG_DEFAULT_SECURITY_TOMOYO is not set # CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set CONFIG_DETECT_HUNG_TASK=y CONFIG_DEV_DAX_CXL=m @@ -2956,6 +2957,9 @@ CONFIG_IP6_NF_TARGET_SYNPROXY=m CONFIG_IP_ADVANCED_ROUTER=y CONFIG_IPC_NS=y # CONFIG_IP_DCCP is not set +CONFIG_IPE_BOOT_POLICY="" +CONFIG_IPE_POLICY_SIG_PLATFORM_KEYRING=y +CONFIG_IPE_POLICY_SIG_SECONDARY_KEYRING=y CONFIG_IP_FIB_TRIE_STATS=y # CONFIG_IPMB_DEVICE_INTERFACE is not set CONFIG_IPMI_DEVICE_INTERFACE=m @@ -3492,7 +3496,7 @@ CONFIG_LRU_GEN_ENABLED=y # CONFIG_LRU_GEN_STATS is not set CONFIG_LRU_GEN=y CONFIG_LSI_ET1011C_PHY=m -CONFIG_LSM="lockdown,yama,integrity,selinux,bpf,landlock" +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf,landlock,ipe" CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_LTC1660=m # CONFIG_LTC2309 is not set @@ -4692,7 +4696,7 @@ CONFIG_NFT_TPROXY=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_XFRM=m CONFIG_NGBE=m -CONFIG_N_GSM=m +# CONFIG_N_GSM is not set CONFIG_N_HDLC=m # CONFIG_NI903X_WDT is not set CONFIG_NILFS2_FS=m @@ -5977,7 +5981,7 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y CONFIG_SECURITY_DMESG_RESTRICT=y CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y -# CONFIG_SECURITY_IPE is not set +CONFIG_SECURITY_IPE=y CONFIG_SECURITY_LANDLOCK=y # CONFIG_SECURITY_LOADPIN is not set CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y @@ -5996,7 +6000,13 @@ CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256 CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 CONFIG_SECURITY_SELINUX=y # CONFIG_SECURITY_SMACK is not set -# CONFIG_SECURITY_TOMOYO is not set +CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/usr/lib/systemd/systemd" +# CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING is not set +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048 +CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024 +# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set +CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init" +CONFIG_SECURITY_TOMOYO=y CONFIG_SECURITY=y CONFIG_SECURITY_YAMA=y # CONFIG_SEG_LED_GPIO is not set diff --git a/kernel-riscv64-fedora.config b/kernel-riscv64-fedora.config index 265b91f7b..558f966ed 100644 --- a/kernel-riscv64-fedora.config +++ b/kernel-riscv64-fedora.config @@ -1398,6 +1398,7 @@ CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 # CONFIG_DEFAULT_RENO is not set # CONFIG_DEFAULT_SECURITY_DAC is not set CONFIG_DEFAULT_SECURITY_SELINUX=y +# CONFIG_DEFAULT_SECURITY_TOMOYO is not set # CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set # CONFIG_DETECT_HUNG_TASK is not set CONFIG_DEV_DAX_CXL=m @@ -2937,6 +2938,9 @@ CONFIG_IP6_NF_TARGET_SYNPROXY=m CONFIG_IP_ADVANCED_ROUTER=y CONFIG_IPC_NS=y # CONFIG_IP_DCCP is not set +CONFIG_IPE_BOOT_POLICY="" +CONFIG_IPE_POLICY_SIG_PLATFORM_KEYRING=y +CONFIG_IPE_POLICY_SIG_SECONDARY_KEYRING=y CONFIG_IP_FIB_TRIE_STATS=y # CONFIG_IPMB_DEVICE_INTERFACE is not set CONFIG_IPMI_DEVICE_INTERFACE=m @@ -3467,7 +3471,7 @@ CONFIG_LRU_GEN_ENABLED=y # CONFIG_LRU_GEN_STATS is not set CONFIG_LRU_GEN=y CONFIG_LSI_ET1011C_PHY=m -CONFIG_LSM="lockdown,yama,integrity,selinux,bpf,landlock" +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf,landlock,ipe" CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_LTC1660=m # CONFIG_LTC2309 is not set @@ -4665,7 +4669,7 @@ CONFIG_NFT_TPROXY=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_XFRM=m CONFIG_NGBE=m -CONFIG_N_GSM=m +# CONFIG_N_GSM is not set CONFIG_N_HDLC=m # CONFIG_NI903X_WDT is not set CONFIG_NILFS2_FS=m @@ -5949,7 +5953,7 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y CONFIG_SECURITY_DMESG_RESTRICT=y CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y -# CONFIG_SECURITY_IPE is not set +CONFIG_SECURITY_IPE=y CONFIG_SECURITY_LANDLOCK=y # CONFIG_SECURITY_LOADPIN is not set CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y @@ -5968,7 +5972,13 @@ CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256 CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 CONFIG_SECURITY_SELINUX=y # CONFIG_SECURITY_SMACK is not set -# CONFIG_SECURITY_TOMOYO is not set +CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/usr/lib/systemd/systemd" +# CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING is not set +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048 +CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024 +# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set +CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init" +CONFIG_SECURITY_TOMOYO=y CONFIG_SECURITY=y CONFIG_SECURITY_YAMA=y # CONFIG_SEG_LED_GPIO is not set diff --git a/kernel-s390x-debug-fedora.config b/kernel-s390x-debug-fedora.config index b977ba3e7..9f3242d22 100644 --- a/kernel-s390x-debug-fedora.config +++ b/kernel-s390x-debug-fedora.config @@ -1390,6 +1390,7 @@ CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 # CONFIG_DEFAULT_RENO is not set # CONFIG_DEFAULT_SECURITY_DAC is not set CONFIG_DEFAULT_SECURITY_SELINUX=y +# CONFIG_DEFAULT_SECURITY_TOMOYO is not set # CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set CONFIG_DETECT_HUNG_TASK=y CONFIG_DEV_DAX_CXL=m @@ -2916,6 +2917,9 @@ CONFIG_IP6_NF_TARGET_SYNPROXY=m CONFIG_IP_ADVANCED_ROUTER=y CONFIG_IPC_NS=y # CONFIG_IP_DCCP is not set +CONFIG_IPE_BOOT_POLICY="" +CONFIG_IPE_POLICY_SIG_PLATFORM_KEYRING=y +CONFIG_IPE_POLICY_SIG_SECONDARY_KEYRING=y CONFIG_IP_FIB_TRIE_STATS=y # CONFIG_IPMB_DEVICE_INTERFACE is not set CONFIG_IPMI_DEVICE_INTERFACE=m @@ -3455,7 +3459,7 @@ CONFIG_LRU_GEN_ENABLED=y # CONFIG_LRU_GEN_STATS is not set CONFIG_LRU_GEN=y CONFIG_LSI_ET1011C_PHY=m -CONFIG_LSM="lockdown,yama,integrity,selinux,bpf,landlock" +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf,landlock,ipe" CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_LTC1660=m # CONFIG_LTC2309 is not set @@ -5871,7 +5875,7 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y CONFIG_SECURITY_DMESG_RESTRICT=y CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y -# CONFIG_SECURITY_IPE is not set +CONFIG_SECURITY_IPE=y CONFIG_SECURITY_LANDLOCK=y # CONFIG_SECURITY_LOADPIN is not set CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y @@ -5890,7 +5894,13 @@ CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256 CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 CONFIG_SECURITY_SELINUX=y # CONFIG_SECURITY_SMACK is not set -# CONFIG_SECURITY_TOMOYO is not set +CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/usr/lib/systemd/systemd" +# CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING is not set +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048 +CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024 +# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set +CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init" +CONFIG_SECURITY_TOMOYO=y CONFIG_SECURITY=y CONFIG_SECURITY_YAMA=y # CONFIG_SEG_LED_GPIO is not set diff --git a/kernel-s390x-debug-rhel.config b/kernel-s390x-debug-rhel.config index 51cd733a2..629ac76ac 100644 --- a/kernel-s390x-debug-rhel.config +++ b/kernel-s390x-debug-rhel.config @@ -4197,7 +4197,7 @@ CONFIG_NFT_SYNPROXY=m CONFIG_NFT_TPROXY=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_XFRM=m -CONFIG_N_GSM=m +# CONFIG_N_GSM is not set # CONFIG_N_HDLC is not set # CONFIG_NI903X_WDT is not set # CONFIG_NIC7018_WDT is not set diff --git a/kernel-s390x-fedora.config b/kernel-s390x-fedora.config index a4c3fdf19..b9795f86d 100644 --- a/kernel-s390x-fedora.config +++ b/kernel-s390x-fedora.config @@ -1381,6 +1381,7 @@ CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 # CONFIG_DEFAULT_RENO is not set # CONFIG_DEFAULT_SECURITY_DAC is not set CONFIG_DEFAULT_SECURITY_SELINUX=y +# CONFIG_DEFAULT_SECURITY_TOMOYO is not set # CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set # CONFIG_DETECT_HUNG_TASK is not set CONFIG_DEV_DAX_CXL=m @@ -2897,6 +2898,9 @@ CONFIG_IP6_NF_TARGET_SYNPROXY=m CONFIG_IP_ADVANCED_ROUTER=y CONFIG_IPC_NS=y # CONFIG_IP_DCCP is not set +CONFIG_IPE_BOOT_POLICY="" +CONFIG_IPE_POLICY_SIG_PLATFORM_KEYRING=y +CONFIG_IPE_POLICY_SIG_SECONDARY_KEYRING=y CONFIG_IP_FIB_TRIE_STATS=y # CONFIG_IPMB_DEVICE_INTERFACE is not set CONFIG_IPMI_DEVICE_INTERFACE=m @@ -3430,7 +3434,7 @@ CONFIG_LRU_GEN_ENABLED=y # CONFIG_LRU_GEN_STATS is not set CONFIG_LRU_GEN=y CONFIG_LSI_ET1011C_PHY=m -CONFIG_LSM="lockdown,yama,integrity,selinux,bpf,landlock" +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf,landlock,ipe" CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_LTC1660=m # CONFIG_LTC2309 is not set @@ -5843,7 +5847,7 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y CONFIG_SECURITY_DMESG_RESTRICT=y CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y -# CONFIG_SECURITY_IPE is not set +CONFIG_SECURITY_IPE=y CONFIG_SECURITY_LANDLOCK=y # CONFIG_SECURITY_LOADPIN is not set CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y @@ -5862,7 +5866,13 @@ CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256 CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 CONFIG_SECURITY_SELINUX=y # CONFIG_SECURITY_SMACK is not set -# CONFIG_SECURITY_TOMOYO is not set +CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/usr/lib/systemd/systemd" +# CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING is not set +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048 +CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024 +# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set +CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init" +CONFIG_SECURITY_TOMOYO=y CONFIG_SECURITY=y CONFIG_SECURITY_YAMA=y # CONFIG_SEG_LED_GPIO is not set diff --git a/kernel-s390x-rhel.config b/kernel-s390x-rhel.config index 8375574e1..2817d0cad 100644 --- a/kernel-s390x-rhel.config +++ b/kernel-s390x-rhel.config @@ -4177,7 +4177,7 @@ CONFIG_NFT_SYNPROXY=m CONFIG_NFT_TPROXY=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_XFRM=m -CONFIG_N_GSM=m +# CONFIG_N_GSM is not set # CONFIG_N_HDLC is not set # CONFIG_NI903X_WDT is not set # CONFIG_NIC7018_WDT is not set diff --git a/kernel-s390x-zfcpdump-rhel.config b/kernel-s390x-zfcpdump-rhel.config index 11827fd26..3aff3d05b 100644 --- a/kernel-s390x-zfcpdump-rhel.config +++ b/kernel-s390x-zfcpdump-rhel.config @@ -4188,7 +4188,7 @@ CONFIG_NFT_SYNPROXY=m CONFIG_NFT_TPROXY=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_XFRM=m -CONFIG_N_GSM=y +# CONFIG_N_GSM is not set # CONFIG_N_HDLC is not set # CONFIG_NI903X_WDT is not set # CONFIG_NIC7018_WDT is not set diff --git a/kernel-x86_64-debug-fedora.config b/kernel-x86_64-debug-fedora.config index e2931e1a5..49dbf42fe 100644 --- a/kernel-x86_64-debug-fedora.config +++ b/kernel-x86_64-debug-fedora.config @@ -1492,6 +1492,7 @@ CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 # CONFIG_DEFAULT_RENO is not set # CONFIG_DEFAULT_SECURITY_DAC is not set CONFIG_DEFAULT_SECURITY_SELINUX=y +# CONFIG_DEFAULT_SECURITY_TOMOYO is not set # CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set CONFIG_DELL_LAPTOP=m CONFIG_DELL_PC=m @@ -3269,6 +3270,9 @@ CONFIG_IP6_NF_TARGET_SYNPROXY=m CONFIG_IP_ADVANCED_ROUTER=y CONFIG_IPC_NS=y # CONFIG_IP_DCCP is not set +CONFIG_IPE_BOOT_POLICY="" +CONFIG_IPE_POLICY_SIG_PLATFORM_KEYRING=y +CONFIG_IPE_POLICY_SIG_SECONDARY_KEYRING=y CONFIG_IP_FIB_TRIE_STATS=y # CONFIG_IPMB_DEVICE_INTERFACE is not set CONFIG_IPMI_DEVICE_INTERFACE=m @@ -3830,7 +3834,7 @@ CONFIG_LRU_GEN_ENABLED=y # CONFIG_LRU_GEN_STATS is not set CONFIG_LRU_GEN=y CONFIG_LSI_ET1011C_PHY=m -CONFIG_LSM="lockdown,yama,integrity,selinux,bpf,landlock" +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf,landlock,ipe" CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_LTC1660=m # CONFIG_LTC2309 is not set @@ -5055,7 +5059,7 @@ CONFIG_NFT_TPROXY=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_XFRM=m CONFIG_NGBE=m -CONFIG_N_GSM=m +# CONFIG_N_GSM is not set CONFIG_N_HDLC=m # CONFIG_NI903X_WDT is not set CONFIG_NIC7018_WDT=m @@ -6362,7 +6366,7 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y CONFIG_SECURITY_DMESG_RESTRICT=y CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y -# CONFIG_SECURITY_IPE is not set +CONFIG_SECURITY_IPE=y CONFIG_SECURITY_LANDLOCK=y # CONFIG_SECURITY_LOADPIN is not set CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y @@ -6381,7 +6385,13 @@ CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256 CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 CONFIG_SECURITY_SELINUX=y # CONFIG_SECURITY_SMACK is not set -# CONFIG_SECURITY_TOMOYO is not set +CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/usr/lib/systemd/systemd" +# CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING is not set +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048 +CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024 +# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set +CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init" +CONFIG_SECURITY_TOMOYO=y CONFIG_SECURITY=y CONFIG_SECURITY_YAMA=y # CONFIG_SEG_LED_GPIO is not set diff --git a/kernel-x86_64-debug-rhel.config b/kernel-x86_64-debug-rhel.config index d78876c98..e2823883c 100644 --- a/kernel-x86_64-debug-rhel.config +++ b/kernel-x86_64-debug-rhel.config @@ -4437,7 +4437,7 @@ CONFIG_NFT_SYNPROXY=m CONFIG_NFT_TPROXY=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_XFRM=m -CONFIG_N_GSM=m +# CONFIG_N_GSM is not set CONFIG_N_HDLC=m # CONFIG_NI903X_WDT is not set # CONFIG_NIC7018_WDT is not set diff --git a/kernel-x86_64-fedora.config b/kernel-x86_64-fedora.config index 64dfabe73..fe0ea1743 100644 --- a/kernel-x86_64-fedora.config +++ b/kernel-x86_64-fedora.config @@ -1483,6 +1483,7 @@ CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 # CONFIG_DEFAULT_RENO is not set # CONFIG_DEFAULT_SECURITY_DAC is not set CONFIG_DEFAULT_SECURITY_SELINUX=y +# CONFIG_DEFAULT_SECURITY_TOMOYO is not set # CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set CONFIG_DELL_LAPTOP=m CONFIG_DELL_PC=m @@ -3250,6 +3251,9 @@ CONFIG_IP6_NF_TARGET_SYNPROXY=m CONFIG_IP_ADVANCED_ROUTER=y CONFIG_IPC_NS=y # CONFIG_IP_DCCP is not set +CONFIG_IPE_BOOT_POLICY="" +CONFIG_IPE_POLICY_SIG_PLATFORM_KEYRING=y +CONFIG_IPE_POLICY_SIG_SECONDARY_KEYRING=y CONFIG_IP_FIB_TRIE_STATS=y # CONFIG_IPMB_DEVICE_INTERFACE is not set CONFIG_IPMI_DEVICE_INTERFACE=m @@ -3805,7 +3809,7 @@ CONFIG_LRU_GEN_ENABLED=y # CONFIG_LRU_GEN_STATS is not set CONFIG_LRU_GEN=y CONFIG_LSI_ET1011C_PHY=m -CONFIG_LSM="lockdown,yama,integrity,selinux,bpf,landlock" +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf,landlock,ipe" CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_LTC1660=m # CONFIG_LTC2309 is not set @@ -5030,7 +5034,7 @@ CONFIG_NFT_TPROXY=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_XFRM=m CONFIG_NGBE=m -CONFIG_N_GSM=m +# CONFIG_N_GSM is not set CONFIG_N_HDLC=m # CONFIG_NI903X_WDT is not set CONFIG_NIC7018_WDT=m @@ -6335,7 +6339,7 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y CONFIG_SECURITY_DMESG_RESTRICT=y CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y -# CONFIG_SECURITY_IPE is not set +CONFIG_SECURITY_IPE=y CONFIG_SECURITY_LANDLOCK=y # CONFIG_SECURITY_LOADPIN is not set CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y @@ -6354,7 +6358,13 @@ CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256 CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 CONFIG_SECURITY_SELINUX=y # CONFIG_SECURITY_SMACK is not set -# CONFIG_SECURITY_TOMOYO is not set +CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/usr/lib/systemd/systemd" +# CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING is not set +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048 +CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024 +# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set +CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init" +CONFIG_SECURITY_TOMOYO=y CONFIG_SECURITY=y CONFIG_SECURITY_YAMA=y # CONFIG_SEG_LED_GPIO is not set diff --git a/kernel-x86_64-rhel.config b/kernel-x86_64-rhel.config index 09c4eee01..d1d5aae54 100644 --- a/kernel-x86_64-rhel.config +++ b/kernel-x86_64-rhel.config @@ -4417,7 +4417,7 @@ CONFIG_NFT_SYNPROXY=m CONFIG_NFT_TPROXY=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_XFRM=m -CONFIG_N_GSM=m +# CONFIG_N_GSM is not set CONFIG_N_HDLC=m # CONFIG_NI903X_WDT is not set # CONFIG_NIC7018_WDT is not set diff --git a/kernel-x86_64-rt-debug-rhel.config b/kernel-x86_64-rt-debug-rhel.config index 6a124d849..020f79727 100644 --- a/kernel-x86_64-rt-debug-rhel.config +++ b/kernel-x86_64-rt-debug-rhel.config @@ -4478,7 +4478,7 @@ CONFIG_NFT_SYNPROXY=m CONFIG_NFT_TPROXY=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_XFRM=m -CONFIG_N_GSM=m +# CONFIG_N_GSM is not set CONFIG_N_HDLC=m # CONFIG_NI903X_WDT is not set # CONFIG_NIC7018_WDT is not set diff --git a/kernel-x86_64-rt-rhel.config b/kernel-x86_64-rt-rhel.config index 4781922de..dc8832459 100644 --- a/kernel-x86_64-rt-rhel.config +++ b/kernel-x86_64-rt-rhel.config @@ -4458,7 +4458,7 @@ CONFIG_NFT_SYNPROXY=m CONFIG_NFT_TPROXY=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_XFRM=m -CONFIG_N_GSM=m +# CONFIG_N_GSM is not set CONFIG_N_HDLC=m # CONFIG_NI903X_WDT is not set # CONFIG_NIC7018_WDT is not set diff --git a/kernel.changelog b/kernel.changelog index cd66dd1b8..ec9b055a2 100644 --- a/kernel.changelog +++ b/kernel.changelog @@ -1,8 +1,14 @@ -* Tue Oct 22 2024 Fedora Kernel Team [6.12.0-0.rc4.c2ee9f594da8.40] +* Wed Oct 23 2024 Fedora Kernel Team [6.12.0-0.rc4.c2ee9f594da8.41] - tools/rtla: fix collision with glibc sched_attr/sched_set_attr (Jan Stancek) - tools/rtla: drop __NR_sched_getattr (Jan Stancek) Resolves: +* Wed Oct 23 2024 Fedora Kernel Team [6.12.0-0.rc4.c2ee9f594da8.40] +- Enable CONFIG_SECURITY_IPE for Fedora (Zbigniew Jędrzejewski-Szmek) +- redhat: allow to override VERSION_ON_UPSTREAM from command line (Jan Stancek) +- redhat: configs: Enable CONFIG_SECURITY_TOMOYO in Fedora kernels (Tetsuo Handa) +Resolves: + * Tue Oct 22 2024 Fedora Kernel Team [6.12.0-0.rc4.c2ee9f594da8.39] - Revert "Merge branch 'enablement/gpio-expander' into 'os-build'" (Justin M. Forbes) - Linux v6.12.0-0.rc4.c2ee9f594da8 diff --git a/kernel.spec b/kernel.spec index b676e1ea6..56ba06228 100644 --- a/kernel.spec +++ b/kernel.spec @@ -163,13 +163,13 @@ Summary: The Linux kernel %define specrpmversion 6.12.0 %define specversion 6.12.0 %define patchversion 6.12 -%define pkgrelease 0.rc4.20241022gitc2ee9f594da8.40 +%define pkgrelease 0.rc4.20241023gitc2ee9f594da8.41 %define kversion 6 %define tarfile_release 6.12-rc4-47-gc2ee9f594da8 # This is needed to do merge window version magic %define patchlevel 12 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 0.rc4.20241022gitc2ee9f594da8.40%{?buildid}%{?dist} +%define specrelease 0.rc4.20241023gitc2ee9f594da8.41%{?buildid}%{?dist} # This defines the kabi tarball version %define kabiversion 6.12.0 @@ -4136,10 +4136,15 @@ fi\ # # %changelog -* Tue Oct 22 2024 Fedora Kernel Team [6.12.0-0.rc4.c2ee9f594da8.40] +* Wed Oct 23 2024 Fedora Kernel Team [6.12.0-0.rc4.c2ee9f594da8.41] - tools/rtla: fix collision with glibc sched_attr/sched_set_attr (Jan Stancek) - tools/rtla: drop __NR_sched_getattr (Jan Stancek) +* Wed Oct 23 2024 Fedora Kernel Team [6.12.0-0.rc4.c2ee9f594da8.40] +- Enable CONFIG_SECURITY_IPE for Fedora (Zbigniew Jędrzejewski-Szmek) +- redhat: allow to override VERSION_ON_UPSTREAM from command line (Jan Stancek) +- redhat: configs: Enable CONFIG_SECURITY_TOMOYO in Fedora kernels (Tetsuo Handa) + * Tue Oct 22 2024 Fedora Kernel Team [6.12.0-0.rc4.c2ee9f594da8.39] - Revert "Merge branch 'enablement/gpio-expander' into 'os-build'" (Justin M. Forbes) - Linux v6.12.0-0.rc4.c2ee9f594da8 diff --git a/sources b/sources index bf4aa438e..ae43fcc60 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ SHA512 (linux-6.12-rc4-47-gc2ee9f594da8.tar.xz) = 0f7cdeb915b7e337283f030b78f5c4ca90d67edff97246178dc7ecf1c9061a82d818b4d3e44687f98d08900ccb5da63d3933bdc7b4dec00a6b3879bf2b5400e3 -SHA512 (kernel-abi-stablelists-6.12.0.tar.xz) = 8f8e1ac9a2f07a8638c0c86d28c7ae19af0fd98c457b46b8093ad393ab3a645502c50a249cc710c95dbb827726b29ba3fa39ab846986085841681b0a8ffb9baa -SHA512 (kernel-kabi-dw-6.12.0.tar.xz) = 4de8ac895703237fb046724179acddb3eae5553627803a23a5472b07458cdbe3347cf43756407cbee7ab16ec4ba2e8aed149e42d92e529612b265b24158873af +SHA512 (kernel-abi-stablelists-6.12.0.tar.xz) = 895763daa5d95498c0dff66cc13d3abb1475df821f0e63466a4a524fd35c0b8e2c73b80a194c6839b1509c5f10e4d189ebb68b09fbf585c504aef614c38127f0 +SHA512 (kernel-kabi-dw-6.12.0.tar.xz) = 3040a551e6cbdd290165d59d634c35266c8392fb0ffa7d62e0691b6ade8d525ba5d0799a93a2b8492a3cc0f4ee11a0dfa5b4ac8cdff9fce515aee9c5ab52da14