From: Dietmar Maurer <dietmar@proxmox.com>
Date: Tue, 17 Dec 2013 11:52:54 +0000 (+0100)
Subject: disable CONFIG_DEFAULT_SECURITY_SELINUX
X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=f396caf4ea5d01785324b7e328455d882d1b760b;p=pve-kernel-3.10.0.git

disable CONFIG_DEFAULT_SECURITY_SELINUX
---

diff --git a/README b/README
index 3cc4742..d5c07d8 100644
--- a/README
+++ b/README
@@ -96,6 +96,10 @@ see config-3.10.0.diff
   Else we get warnings on boot, that
   net.bridge.bridge-nf-call-iptables is an unknown key
 
+- disable CONFIG_DEFAULT_SECURITY_SELINUX
+
+  Use same SELINUX config as debian kernels (CONFIG_DEFAULT_SECURITY_DAC=y)
+
 # Note: enable now for testing
 #- disable CONFIG_BRIDGE_IGMP_SNOOPING 
 #
diff --git a/config-3.10.0.diff b/config-3.10.0.diff
index 955f987..7970e73 100644
--- a/config-3.10.0.diff
+++ b/config-3.10.0.diff
@@ -1,5 +1,5 @@
 --- rh-kernel-src/kernel-3.10.0-x86_64.config	2013-12-16 08:05:07.513206660 +0100
-+++ linux-2.6-3.10.0/.config	2013-12-17 10:53:21.232535799 +0100
++++ linux-2.6-3.10.0/.config	2013-12-17 12:51:02.505690103 +0100
 @@ -1,7 +1,6 @@
 -# x86_64
  #
@@ -114,7 +114,32 @@
  CONFIG_DLM=m
  CONFIG_DLM_DEBUG=y
  
-@@ -5049,7 +5044,7 @@
+@@ -4956,9 +4951,8 @@
+ CONFIG_INTEL_TXT=y
+ CONFIG_LSM_MMAP_MIN_ADDR=65535
+ CONFIG_SECURITY_SELINUX=y
+-CONFIG_SECURITY_SELINUX_BOOTPARAM=y
+-CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
+-CONFIG_SECURITY_SELINUX_DISABLE=y
++# CONFIG_SECURITY_SELINUX_BOOTPARAM is not set
++# CONFIG_SECURITY_SELINUX_DISABLE is not set
+ CONFIG_SECURITY_SELINUX_DEVELOP=y
+ CONFIG_SECURITY_SELINUX_AVC_STATS=y
+ CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
+@@ -4975,9 +4969,9 @@
+ CONFIG_IMA_AUDIT=y
+ CONFIG_IMA_LSM_RULES=y
+ # CONFIG_IMA_APPRAISE is not set
+-CONFIG_DEFAULT_SECURITY_SELINUX=y
+-# CONFIG_DEFAULT_SECURITY_DAC is not set
+-CONFIG_DEFAULT_SECURITY="selinux"
++# CONFIG_DEFAULT_SECURITY_SELINUX is not set
++CONFIG_DEFAULT_SECURITY_DAC=y
++CONFIG_DEFAULT_SECURITY=""
+ CONFIG_XOR_BLOCKS=m
+ CONFIG_ASYNC_CORE=m
+ CONFIG_ASYNC_MEMCPY=m
+@@ -5049,7 +5043,7 @@
  CONFIG_CRYPTO_CRC32C_INTEL=m
  CONFIG_CRYPTO_CRC32=m
  CONFIG_CRYPTO_CRC32_PCLMUL=m
@@ -123,7 +148,7 @@
  CONFIG_CRYPTO_CRCT10DIF_PCLMUL=m
  CONFIG_CRYPTO_GHASH=m
  CONFIG_CRYPTO_MD4=m
-@@ -5161,7 +5156,7 @@
+@@ -5161,7 +5155,7 @@
  CONFIG_PERCPU_RWSEM=y
  CONFIG_CRC_CCITT=m
  CONFIG_CRC16=y
@@ -132,7 +157,7 @@
  CONFIG_CRC_ITU_T=m
  CONFIG_CRC32=y
  # CONFIG_CRC32_SELFTEST is not set
-@@ -5208,6 +5203,7 @@
+@@ -5208,6 +5202,7 @@
  CONFIG_DQL=y
  CONFIG_NLATTR=y
  CONFIG_ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE=y