内核defconfig修复:禁用QEMU不支持的安全特性和MTE

qemu-arm-linux_standard_defconfig修改:
- 禁用:CONFIG_KSM、CONFIG_SECURITY、CONFIG_SECURITY_SELINUX、CONFIG_FS_VERITY、CONFIG_SECURITY_CODE_SIGN、CONFIG_SECURITY_XPM、CONFIG_ARM64_MTE
- 启用:CONFIG_SECURITYFS、CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR、CONFIG_DEFAULT_SECURITY_DAC
QEMU虚拟平台不需要SELinux、代码签名、XPM等安全特性,禁用后避免内核编译依赖缺失;MTE因QEMU不支持需禁用;DEFAULT_SECURITY_DAC作为禁用SELinux后的替代安全模型

Co-Authored-By: Agent
Signed-off-by: chenjinxiang3 <chenjinxiang3@huawei.com>
Change-Id: I8ad3bf6aa6b32f9201b4429f7f519eef53fab1d0
This commit is contained in:
chenjinxiang3
2026-06-01 16:58:24 +08:00
parent ce3e4dbc44
commit 0cac1ebf7a
@@ -122,7 +122,7 @@ CONFIG_JUMP_LABEL=y
CONFIG_MODULES=y
CONFIG_MODULE_UNLOAD=y
# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set
CONFIG_KSM=y
# CONFIG_KSM is not set
CONFIG_MEMORY_FAILURE=y
CONFIG_TRANSPARENT_HUGEPAGE=y
CONFIG_NET=y
@@ -1056,7 +1056,17 @@ CONFIG_ROOT_NFS=y
CONFIG_9P_FS=y
CONFIG_NLS_CODEPAGE_437=y
CONFIG_NLS_ISO8859_1=y
CONFIG_SECURITY=y
# CONFIG_SECURITY is not set
# CONFIG_SECURITY_SELINUX is not set
# CONFIG_FS_VERITY is not set
# CONFIG_SECURITY_CODE_SIGN is not set
# CONFIG_SECURITY_XPM is not set
CONFIG_SECURITYFS=y
CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
# CONFIG_HARDENED_USERCOPY is not set
# CONFIG_FORTIFY_SOURCE is not set
# CONFIG_STATIC_USERMODEHELPER is not set
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_CRYPTO_ECHAINIV=y
CONFIG_CRYPTO_ANSI_CPRNG=y
CONFIG_CRYPTO_USER_API_RNG=m
@@ -1078,3 +1088,5 @@ CONFIG_DEBUG_KERNEL=y
# CONFIG_DEBUG_PREEMPT is not set
# CONFIG_FTRACE is not set
CONFIG_MEMTEST=y
# CONFIG_ARCH_USES_PG_ARCH_X is not set
# CONFIG_ARM64_MTE is not set