From: Vishal Bhoj vishal.bhoj@linaro.org
Signed-off-by: Vishal Bhoj vishal.bhoj@linaro.org --- linaro/configs/android.conf | 10 ++++++++++ 1 file changed, 10 insertions(+)
diff --git a/linaro/configs/android.conf b/linaro/configs/android.conf index e4fd1ad..50e8ac2 100644 --- a/linaro/configs/android.conf +++ b/linaro/configs/android.conf @@ -40,3 +40,13 @@ CONFIG_ADF_FBDEV=y CONFIG_ADF_MEMBLOCK=y CONFIG_DMA_SHARED_BUFFER=y CONFIG_TUN=y +CONFIG_AUDIT=y +CONFIG_NF_CONNTRACK_SECMARK=y +CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=y +CONFIG_NETFILTER_XT_TARGET_SECMARK=y +CONFIG_IP_NF_SECURITY=y +CONFIG_SECURITY=y +CONFIG_SECURITY_NETWORK=y +CONFIG_LSM_MMAP_MIN_ADDR=4096 +CONFIG_SECURITY_SELINUX=y +CONFIG_EXT4_FS_SECURITY=y
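Review bot: CONFIG_LSM_MMAP_MIN_ADDR=4096 in the added block is lower than the Kconfig default for this option on ARM (32768), so it shrinks the low-address range that the LSM keeps userspace from mapping; either drop the line and take the default, or state in the changelog why 4096 is needed. The changelog is empty apart from the Signed-off-by, so it does not say which tree the fragment was tested against or why these ten options belong in android.conf. The hunk also enables CONFIG_IP_NF_SECURITY=y for IPv4 only; if IPv6 traffic is meant to carry SECMARK labels as well, CONFIG_IP6_NF_SECURITY=y would be needed alongside it.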
Vishal,
1. against which tree should it be applied?
2. do you want it enabled by default for all android builds?
On 17 June 2014 13:57, Vishal Bhoj vishal.bhoj@linaro.org wrote:
From: Vishal Bhoj vishal.bhoj@linaro.org
Signed-off-by: Vishal Bhoj vishal.bhoj@linaro.org
linaro/configs/android.conf | 10 ++++++++++ 1 file changed, 10 insertions(+)
diff --git a/linaro/configs/android.conf b/linaro/configs/android.conf index e4fd1ad..50e8ac2 100644 --- a/linaro/configs/android.conf +++ b/linaro/configs/android.conf @@ -40,3 +40,13 @@ CONFIG_ADF_FBDEV=y CONFIG_ADF_MEMBLOCK=y CONFIG_DMA_SHARED_BUFFER=y CONFIG_TUN=y +CONFIG_AUDIT=y +CONFIG_NF_CONNTRACK_SECMARK=y +CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=y +CONFIG_NETFILTER_XT_TARGET_SECMARK=y +CONFIG_IP_NF_SECURITY=y +CONFIG_SECURITY=y +CONFIG_SECURITY_NETWORK=y +CONFIG_LSM_MMAP_MIN_ADDR=4096 +CONFIG_SECURITY_SELINUX=y
+CONFIG_EXT4_FS_SECURITY=y
1.9.1
linaro-dev mailing list linaro-dev@lists.linaro.org http://lists.linaro.org/mailman/listinfo/linaro-dev
Hi,
On 17 June 2014 16:41, Fathi Boudra fathi.boudra@linaro.org wrote:
Vishal,
- against which tree should it be applied?
I have tested it against TC2 with the LSK tree. I was not sure if the patches directly go to LSK. I thought it should first go into config fragment tree.
- do you want it enabled by default for all android builds?
Moving ahead SELinux is mandatory for Android so it needs to be enabled across all the platforms we care for. Linux-linaro and LSK are validated on VExpress platform so I am enabling the userspace bits for VExpress to start with.
On 17 June 2014 13:57, Vishal Bhoj vishal.bhoj@linaro.org wrote:
From: Vishal Bhoj vishal.bhoj@linaro.org
Signed-off-by: Vishal Bhoj vishal.bhoj@linaro.org
linaro/configs/android.conf | 10 ++++++++++ 1 file changed, 10 insertions(+)
diff --git a/linaro/configs/android.conf b/linaro/configs/android.conf index e4fd1ad..50e8ac2 100644 --- a/linaro/configs/android.conf +++ b/linaro/configs/android.conf @@ -40,3 +40,13 @@ CONFIG_ADF_FBDEV=y CONFIG_ADF_MEMBLOCK=y CONFIG_DMA_SHARED_BUFFER=y CONFIG_TUN=y +CONFIG_AUDIT=y +CONFIG_NF_CONNTRACK_SECMARK=y +CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=y +CONFIG_NETFILTER_XT_TARGET_SECMARK=y +CONFIG_IP_NF_SECURITY=y +CONFIG_SECURITY=y +CONFIG_SECURITY_NETWORK=y +CONFIG_LSM_MMAP_MIN_ADDR=4096 +CONFIG_SECURITY_SELINUX=y
+CONFIG_EXT4_FS_SECURITY=y
1.9.1
On 17 June 2014 12:18, Vishal Bhoj vishal.bhoj@linaro.org wrote:
On 17 June 2014 16:41, Fathi Boudra fathi.boudra@linaro.org wrote:
Vishal,
- against which tree should it be applied?
I have tested it against TC2 with the LSK tree. I was not sure if the patches directly go to LSK. I thought it should first go into config fragment tree.
I don't know what the "config fragment tree" is but the LSK doesn't use it and you've not CCed - I guess you should send this to Andrey too for inclusion in linux-linaro? I've added him.
- do you want it enabled by default for all android builds?
Moving ahead SELinux is mandatory for Android so it needs to be enabled across all the platforms we care for. Linux-linaro and LSK are validated on VExpress platform so I am enabling the userspace bits for VExpress to start with.
OK, I'll a change to the LSK which enables these options - I can't see any reason to restrict them to Android so I won't just apply this as-is. Please include information like the above in the changelogs for patches, this is just generally good practice and will help people figure out why the change is being made and if it is sensible to apply it.
On 17 June 2014 14:53, Mark Brown broonie@linaro.org wrote:
On 17 June 2014 12:18, Vishal Bhoj vishal.bhoj@linaro.org wrote:
On 17 June 2014 16:41, Fathi Boudra fathi.boudra@linaro.org wrote:
Vishal,
- against which tree should it be applied?
I have tested it against TC2 with the LSK tree. I was not sure if the patches directly go to LSK. I thought it should first go into config fragment tree.
I don't know what the "config fragment tree" is but the LSK doesn't use it and you've not CCed - I guess you should send this to Andrey too for inclusion in linux-linaro? I've added him.
Applied, thanks. https://git.linaro.org/kernel/configs.git/commitdiff/19fe65531dd49538d568f77...
- do you want it enabled by default for all android builds?
Moving ahead SELinux is mandatory for Android so it needs to be enabled across all the platforms we care for. Linux-linaro and LSK are validated on VExpress platform so I am enabling the userspace bits for VExpress to start with.
OK, I'll a change to the LSK which enables these options - I can't see any reason to restrict them to Android so I won't just apply this as-is. Please include information like the above in the changelogs for patches, this is just generally good practice and will help people figure out why the change is being made and if it is sensible to apply it.
On Tue, 2014-06-17 at 12:53 +0100, Mark Brown wrote:
On 17 June 2014 12:18, Vishal Bhoj vishal.bhoj@linaro.org wrote:
On 17 June 2014 16:41, Fathi Boudra fathi.boudra@linaro.org wrote:
Vishal,
- against which tree should it be applied?
I have tested it against TC2 with the LSK tree. I was not sure if the patches directly go to LSK. I thought it should first go into config fragment tree.
I don't know what the "config fragment tree" is
The git repo with all the config fragments in... https://git.linaro.org/kernel/configs.git
but the LSK doesn't use it and you've not CCed - I guess you should send this to Andrey too for inclusion in linux-linaro?
The 'core' and 'boards' tracking topic branches of the config fragments repo are included in linux-linaro, so updates to the config will automatically find their way into linux-linaro
I've added him.
You didn't seem to have, unless this is more of the Linaro lists' default behaviour of dropping people from CC who are subscribed?
On 17 June 2014 13:16, Jon Medhurst (Tixy) tixy@linaro.org wrote:
On Tue, 2014-06-17 at 12:53 +0100, Mark Brown wrote:
I've added him.
You didn't seem to have, unless this is more of the Linaro lists' default behaviour of dropping people from CC who are subscribed?
Looks like it. It's really broken, it'd be good if we could get it fixed :/
On Tue, 2014-06-17 at 14:38 +0100, Mark Brown wrote:
On 17 June 2014 13:16, Jon Medhurst (Tixy) tixy@linaro.org wrote:
On Tue, 2014-06-17 at 12:53 +0100, Mark Brown wrote:
I've added him.
You didn't seem to have, unless this is more of the Linaro lists' default behaviour of dropping people from CC who are subscribed?
Looks like it. It's really broken, it'd be good if we could get it fixed :/
Yes, it's damned annoying as we've found out in the past, but I believe it's a 'feature', a per subscriber option unless I've got mixed up...
Avoid duplicate copies of messages?
When you are listed explicitly in the To: or Cc: headers of a list message, you can opt to not receive another copy from the mailing list. Select Yes to avoid receiving copies from the mailing list; select No to receive copies.
Though reading that help text, you'd think it could still leave the person's name in the CC on the mail sent to the list, just not deliver the list message to that person. So perhaps you could argue it's a bug.
On 17 June 2014 15:07, Jon Medhurst (Tixy) tixy@linaro.org wrote:
Yes, it's damned annoying as we've found out in the past, but I believe it's a 'feature', a per subscriber option unless I've got mixed up...
Avoid duplicate copies of messages? When you are listed explicitly in the To: or Cc: headers of a list message, you can opt to not receive another copy from the mailing list. Select Yes to avoid receiving copies from the mailing list; select No to receive copies.
Though reading that help text, you'd think it could still leave the person's name in the CC on the mail sent to the list, just not deliver the list message to that person. So perhaps you could argue it's a bug.
Yes, this is a mailman misfeature exacerbated by their misleading help text. IMHO setting that option is never the right thing.
thanks -- PMM
On 17 June 2014 17:23, Mark Brown broonie@linaro.org wrote:
On 17 June 2014 12:18, Vishal Bhoj vishal.bhoj@linaro.org wrote:
On 17 June 2014 16:41, Fathi Boudra fathi.boudra@linaro.org wrote:
Vishal,
- against which tree should it be applied?
I have tested it against TC2 with the LSK tree. I was not sure if the patches directly go to LSK. I thought it should first go into config fragment tree.
I don't know what the "config fragment tree" is but the LSK doesn't use it and you've not CCed - I guess you should send this to Andrey too for inclusion in linux-linaro? I've added him.
I intended to add Andrey as well but somehow missed him.
- do you want it enabled by default for all android builds?
Moving ahead SELinux is mandatory for Android so it needs to be enabled across all the platforms we care for. Linux-linaro and LSK are validated on VExpress platform so I am enabling the userspace bits for VExpress to start with.
OK, I'll a change to the LSK which enables these options - I can't see any reason to restrict them to Android so I won't just apply this as-is. Please include information like the above in the changelogs for patches, this is just generally good practice and will help people figure out why the change is being made and if it is sensible to apply it.
Will keep this in mind.