mirror of
https://github.com/openharmony/kernel_linux_config.git
synced 2026-07-01 02:11:10 -04:00
内核defconfig修复:禁用QEMU不支持的安全特性和MTE
qemu-arm-linux_standard_defconfig修改: - 禁用:CONFIG_KSM、CONFIG_SECURITY、CONFIG_SECURITY_SELINUX、CONFIG_FS_VERITY、CONFIG_SECURITY_CODE_SIGN、CONFIG_SECURITY_XPM、CONFIG_ARM64_MTE - 启用:CONFIG_SECURITYFS、CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR、CONFIG_DEFAULT_SECURITY_DAC QEMU虚拟平台不需要SELinux、代码签名、XPM等安全特性,禁用后避免内核编译依赖缺失;MTE因QEMU不支持需禁用;DEFAULT_SECURITY_DAC作为禁用SELinux后的替代安全模型 Co-Authored-By: Agent Signed-off-by: chenjinxiang3 <chenjinxiang3@huawei.com> Change-Id: I8ad3bf6aa6b32f9201b4429f7f519eef53fab1d0
This commit is contained in:
@@ -122,7 +122,7 @@ CONFIG_JUMP_LABEL=y
|
||||
CONFIG_MODULES=y
|
||||
CONFIG_MODULE_UNLOAD=y
|
||||
# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set
|
||||
CONFIG_KSM=y
|
||||
# CONFIG_KSM is not set
|
||||
CONFIG_MEMORY_FAILURE=y
|
||||
CONFIG_TRANSPARENT_HUGEPAGE=y
|
||||
CONFIG_NET=y
|
||||
@@ -1056,7 +1056,17 @@ CONFIG_ROOT_NFS=y
|
||||
CONFIG_9P_FS=y
|
||||
CONFIG_NLS_CODEPAGE_437=y
|
||||
CONFIG_NLS_ISO8859_1=y
|
||||
CONFIG_SECURITY=y
|
||||
# CONFIG_SECURITY is not set
|
||||
# CONFIG_SECURITY_SELINUX is not set
|
||||
# CONFIG_FS_VERITY is not set
|
||||
# CONFIG_SECURITY_CODE_SIGN is not set
|
||||
# CONFIG_SECURITY_XPM is not set
|
||||
CONFIG_SECURITYFS=y
|
||||
CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
|
||||
# CONFIG_HARDENED_USERCOPY is not set
|
||||
# CONFIG_FORTIFY_SOURCE is not set
|
||||
# CONFIG_STATIC_USERMODEHELPER is not set
|
||||
CONFIG_DEFAULT_SECURITY_DAC=y
|
||||
CONFIG_CRYPTO_ECHAINIV=y
|
||||
CONFIG_CRYPTO_ANSI_CPRNG=y
|
||||
CONFIG_CRYPTO_USER_API_RNG=m
|
||||
@@ -1078,3 +1088,5 @@ CONFIG_DEBUG_KERNEL=y
|
||||
# CONFIG_DEBUG_PREEMPT is not set
|
||||
# CONFIG_FTRACE is not set
|
||||
CONFIG_MEMTEST=y
|
||||
# CONFIG_ARCH_USES_PG_ARCH_X is not set
|
||||
# CONFIG_ARM64_MTE is not set
|
||||
|
||||
Reference in New Issue
Block a user