From e3e6c81a428f5fb04db674b90d1a5455d1b4fbd3 Mon Sep 17 00:00:00 2001 From: Haiqing Bai Date: Wed, 6 Jul 2022 06:12:26 +0000 Subject: [PATCH] Debian: Added apparmor security module Added apparmor and its required kernel configs, but not enable apparmor by default. Signed-off-by: Haiqing Bai --- debian/config/amd64/none/config | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/debian/config/amd64/none/config b/debian/config/amd64/none/config index 0d66ceff0..b709a2632 100644 --- a/debian/config/amd64/none/config +++ b/debian/config/amd64/none/config @@ -5655,7 +5655,7 @@ CONFIG_SECURITY_NETWORK=y CONFIG_PAGE_TABLE_ISOLATION=y # CONFIG_SECURITY_INFINIBAND is not set CONFIG_SECURITY_NETWORK_XFRM=y -# CONFIG_SECURITY_PATH is not set +CONFIG_SECURITY_PATH=y CONFIG_INTEL_TXT=y CONFIG_LSM_MMAP_MIN_ADDR=65536 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y @@ -5674,13 +5674,14 @@ CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256 # CONFIG_SECURITY_SMACK is not set # CONFIG_SECURITY_TOMOYO is not set -# CONFIG_SECURITY_APPARMOR is not set +CONFIG_SECURITY_APPARMOR=y # CONFIG_SECURITY_LOADPIN is not set CONFIG_SECURITY_YAMA=y # CONFIG_SECURITY_SAFESETID is not set CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y CONFIG_SECURITY_LOCKDOWN_LSM=y -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY=y +CONFIG_INTEGRITY_AUDIT=y # CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set CONFIG_DEFAULT_SECURITY_SELINUX=y # CONFIG_DEFAULT_SECURITY_DAC is not set -- 2.30.2