[linux] 01/02: integrity: Enable IMA and related kconfig symbols (except on armel/marvell)
debian-kernel at lists.debian.org
Thu Apr 27 17:37:45 UTC 2017
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch sid
in repository linux.
commit f3c3de0f6000fd6280396dd9b354699839c3cacb
Author: Ben Hutchings <ben at decadent.org.uk>
Date: Tue Apr 25 23:43:17 2017 +0100
integrity: Enable IMA and related kconfig symbols (except on armel/marvell)
Closes: #788290
Based on advice from Matthew Garrett.
---
debian/changelog | 3 +++
debian/config/armel/config.marvell | 5 +++++
debian/config/config | 16 +++++++++++++++-
3 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/debian/changelog b/debian/changelog
index 8465536..e53941b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -343,6 +343,9 @@ linux (4.9.24-1) UNRELEASED; urgency=medium
* [x86] gpio: Enable GPIO_AMDPT as module
* [x86] thermal: Enable INT3406_THERMAL as module
* watchdog: Enable WATCHDOG_SYSFS
+ * integrity: Enable IMA, IMA_DEFAULT_HASH_SHA256, IMA_APPRAISE,
+ IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY, IMA_BLACKLIST_KEYRING
+ (except on armel/marvell) (Closes: #788290)
[ Salvatore Bonaccorso ]
* ping: implement proper locking (CVE-2017-2671)
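Review bot: The new changelog entry omits CONFIG_INTEGRITY_TRUSTED_KEYRING, which the same commit sets to y in debian/config/config. The entry lists IMA, IMA_DEFAULT_HASH_SHA256, IMA_APPRAISE, IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY and IMA_BLACKLIST_KEYRING only. Add INTEGRITY_TRUSTED_KEYRING to the list so the changelog matches the configuration change.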
diff --git a/debian/config/armel/config.marvell b/debian/config/armel/config.marvell
index e28bb1a..2d108a6 100644
--- a/debian/config/armel/config.marvell
+++ b/debian/config/armel/config.marvell
@@ -763,6 +763,11 @@ CONFIG_IPV6=m
# CONFIG_NET_MPLS_GSO is not set
##
+## file: security/integrity/ima/Kconfig
+##
+# CONFIG_IMA is not set
+
+##
## file: sound/soc/Kconfig
##
CONFIG_SND_SOC=m
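Review bot: The added "# CONFIG_IMA is not set" override carries no rationale, and neither the commit message nor the changelog says why armel/marvell is excluded. A short comment next to the override, or a clause in the changelog entry, stating the reason would keep the next person from re-enabling it by accident. It is also worth confirming that CONFIG_INTEGRITY_TRUSTED_KEYRING=y from the top-level config is intended to stay in effect for this flavour, since only CONFIG_IMA is overridden here.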
diff --git a/debian/config/config b/debian/config/config
index 0065244..f4e4252 100644
--- a/debian/config/config
+++ b/debian/config/config
@@ -6909,6 +6909,7 @@ CONFIG_SECURITY_APPARMOR_HASH=y
##
CONFIG_INTEGRITY=y
# CONFIG_INTEGRITY_SIGNATURE is not set
+CONFIG_INTEGRITY_TRUSTED_KEYRING=y
CONFIG_INTEGRITY_AUDIT=y
##
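Review bot: CONFIG_INTEGRITY_TRUSTED_KEYRING=y is added directly below the unchanged context line "# CONFIG_INTEGRITY_SIGNATURE is not set". If the trusted-keyring option depends on integrity signature support in Kconfig, this line will be dropped when the configuration is resolved and will have no effect. Please check the generated .config for the symbol, and either enable the prerequisite or remove the line.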
@@ -6919,7 +6920,20 @@ CONFIG_INTEGRITY_AUDIT=y
##
## file: security/integrity/ima/Kconfig
##
-# CONFIG_IMA is not set
+CONFIG_IMA=y
+## choice: Default integrity hash algorithm
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
+# CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
+# CONFIG_IMA_DEFAULT_HASH_WP512 is not set
+## end choice
+# CONFIG_IMA_WRITE_POLICY is not set
+# CONFIG_IMA_READ_POLICY is not set
+CONFIG_IMA_APPRAISE=y
+CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
+CONFIG_IMA_BLACKLIST_KEYRING=y
+# CONFIG_IMA_LOAD_X509 is not set
+# CONFIG_IMA_APPRAISE_SIGNED_INIT is not set
##
## file: security/keys/Kconfig
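Review bot: The symbols explicitly left off in this hunk (IMA_WRITE_POLICY, IMA_READ_POLICY, IMA_LOAD_X509, IMA_APPRAISE_SIGNED_INIT) are not mentioned in the commit message or the changelog, so the intended appraisal setup is not documented. With CONFIG_IMA_LOAD_X509 not set while CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y and CONFIG_IMA_BLACKLIST_KEYRING=y are enabled, a note on how keys are expected to reach the IMA keyring would help. Please also confirm that both keyring options survive dependency resolution in the generated .config.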
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git