kernel/kernel-rt/debian/deb_patches/0016-Debian-Added-apparmor-security-module.patch

From e3e6c81a428f5fb04db674b90d1a5455d1b4fbd3 Mon Sep 17 00:00:00 2001
From: Haiqing Bai <haiqing.bai@windriver.com>
Date: Wed, 6 Jul 2022 06:12:26 +0000
Subject: [PATCH] Debian: Added apparmor security module

Added apparmor and its required kernel configs, but not
enable apparmor by default.

Signed-off-by: Haiqing Bai <haiqing.bai@windriver.com>
---
 debian/config/amd64/none/config | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/debian/config/amd64/none/config b/debian/config/amd64/none/config
index 0d66ceff0..b709a2632 100644
--- a/debian/config/amd64/none/config
+++ b/debian/config/amd64/none/config
@@ -5655,7 +5655,7 @@ CONFIG_SECURITY_NETWORK=y
 CONFIG_PAGE_TABLE_ISOLATION=y
 # CONFIG_SECURITY_INFINIBAND is not set
 CONFIG_SECURITY_NETWORK_XFRM=y
-# CONFIG_SECURITY_PATH is not set
+CONFIG_SECURITY_PATH=y
 CONFIG_INTEL_TXT=y
 CONFIG_LSM_MMAP_MIN_ADDR=65536
 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
@@ -5674,13 +5674,14 @@ CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9
 CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256
 # CONFIG_SECURITY_SMACK is not set
 # CONFIG_SECURITY_TOMOYO is not set
-# CONFIG_SECURITY_APPARMOR is not set
+CONFIG_SECURITY_APPARMOR=y
 # CONFIG_SECURITY_LOADPIN is not set
 CONFIG_SECURITY_YAMA=y
 # CONFIG_SECURITY_SAFESETID is not set
 CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
 CONFIG_SECURITY_LOCKDOWN_LSM=y
-# CONFIG_INTEGRITY is not set
+CONFIG_INTEGRITY=y
+CONFIG_INTEGRITY_AUDIT=y
 # CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set
 CONFIG_DEFAULT_SECURITY_SELINUX=y
 # CONFIG_DEFAULT_SECURITY_DAC is not set
-- 
2.30.2