Merge pull request #436 from ajs124/master

core/linux-raspberrypi enable Tomoyo, AppArmor and SELinux

core/linux-raspberrypi/PKGBUILD

@@ -9,7 +9,7 @@ pkgname=('linux-raspberrypi' 'linux-headers-raspberrypi')
 _kernelname=${pkgname#linux}
 _basekernel=3.6
 pkgver=${_basekernel}.11
-pkgrel=8
+pkgrel=9
 arch=('arm armv6h')
 url="http://www.kernel.org/"
 license=('GPL2')
@@ -271,5 +271,5 @@ md5sums=('116a0c854e31bc0cdca41e490b2b26ea'
          'a00e424e2fbb8c5a5f77ba2c4871bed4'
          '2f82dbe5752af65ff409d737caf11954'
          'ca74031c9e9bfc9f4a668924dcb37f4c'
-         '1e46f207dcf2dd9392a099a437bb9b3e')
+         'd9ae544dcfa61e19cd4b2dc9a3f37b02')
 

core/linux-raspberrypi/config

@@ -604,7 +604,7 @@ CONFIG_IPV6_MROUTE=y
 # CONFIG_IPV6_MROUTE_MULTIPLE_TABLES is not set
 # CONFIG_IPV6_PIMSM_V2 is not set
 # CONFIG_NETLABEL is not set
-# CONFIG_NETWORK_SECMARK is not set
+CONFIG_NETWORK_SECMARK=y
 # CONFIG_NETWORK_PHY_TIMESTAMPING is not set
 CONFIG_NETFILTER=y
 # CONFIG_NETFILTER_DEBUG is not set
@@ -620,6 +620,7 @@ CONFIG_NETFILTER_NETLINK_QUEUE=m
 CONFIG_NETFILTER_NETLINK_LOG=m
 CONFIG_NF_CONNTRACK=m
 CONFIG_NF_CONNTRACK_MARK=y
+# CONFIG_NF_CONNTRACK_SECMARK is not set
 CONFIG_NF_CONNTRACK_ZONES=y
 CONFIG_NF_CONNTRACK_PROCFS=y
 CONFIG_NF_CONNTRACK_EVENTS=y
@@ -676,6 +677,7 @@ CONFIG_NETFILTER_XT_TARGET_RATEEST=m
 CONFIG_NETFILTER_XT_TARGET_TEE=m
 CONFIG_NETFILTER_XT_TARGET_TPROXY=m
 CONFIG_NETFILTER_XT_TARGET_TRACE=m
+# CONFIG_NETFILTER_XT_TARGET_SECMARK is not set
 CONFIG_NETFILTER_XT_TARGET_TCPMSS=m
 CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=m
 
@@ -3494,16 +3496,33 @@ CONFIG_KEYS=y
 # CONFIG_KEYS_DEBUG_PROC_KEYS is not set
 # CONFIG_SECURITY_DMESG_RESTRICT is not set
 CONFIG_SECURITY=y
-# CONFIG_SECURITYFS is not set
+CONFIG_SECURITYFS=y
 CONFIG_SECURITY_NETWORK=y
 CONFIG_SECURITY_NETWORK_XFRM=y
-# CONFIG_SECURITY_PATH is not set
+CONFIG_SECURITY_PATH=y
-# CONFIG_SECURITY_SELINUX is not set
+CONFIG_LSM_MMAP_MIN_ADDR=32768
-# CONFIG_SECURITY_TOMOYO is not set
+CONFIG_SECURITY_SELINUX=y
-# CONFIG_SECURITY_APPARMOR is not set
+CONFIG_SECURITY_SELINUX_BOOTPARAM=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
+# CONFIG_SECURITY_SELINUX_DISABLE is not set
+CONFIG_SECURITY_SELINUX_DEVELOP=y
+CONFIG_SECURITY_SELINUX_AVC_STATS=y
+CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
+# CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set
+CONFIG_SECURITY_TOMOYO=y
+CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048
+CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024
+# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set
+CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init"
+CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"
+CONFIG_SECURITY_APPARMOR=y
+CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0
 # CONFIG_SECURITY_YAMA is not set
 # CONFIG_IMA is not set
 # CONFIG_EVM is not set
+# CONFIG_DEFAULT_SECURITY_SELINUX is not set
+# CONFIG_DEFAULT_SECURITY_TOMOYO is not set
+# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
 CONFIG_DEFAULT_SECURITY=""
 CONFIG_XOR_BLOCKS=y