Skip to content

Enable options for hid_bpf and landlock #10

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
hrdl-github wants to merge 2 commits into
base: branch_rebase_6.12defconfig
Choose a base branch
from
Open

Enable options for hid_bpf and landlock #10

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
e85e597
arm64: pinenote_defconfig: Add options for hid_bpf
hrdl-github Feb 16, 2025
d9d498e
arm64: pinenote_defconfig: Add options for landlock
hrdl-github Feb 16, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 34 additions & 3 deletions arch/arm64/configs/pinenote_defconfig
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -186,13 +186,10 @@ CONFIG_NLS_ISO8859_1=y
CONFIG_NLS_UTF8=y
CONFIG_UNICODE=y
CONFIG_KEYS=y
CONFIG_LSM=""
CONFIG_DMA_CMA=y
CONFIG_PRINTK_TIME=y
# CONFIG_DEBUG_MISC is not set
CONFIG_DEBUG_INFO_DWARF5=y
CONFIG_DEBUG_INFO_REDUCED=y
CONFIG_DEBUG_INFO_SPLIT=y
CONFIG_MAGIC_SYSRQ=y
# CONFIG_MAGIC_SYSRQ_SERIAL is not set
CONFIG_DEBUG_FS=y
Expand Down Expand Up @@ -225,6 +222,11 @@ CONFIG_FUNCTION_GRAPH_TRACER=y
CONFIG_FUNCTION_GRAPH_RETVAL=y
CONFIG_OF_OVERLAY=y

##
## file: arch/Kconfig
##
CONFIG_KPROBES=y

##
## file: arch/arm64/crypto/Kconfig
##
Expand Down Expand Up @@ -549,6 +551,11 @@ CONFIG_HIDRAW=y
CONFIG_UHID=m
CONFIG_HID_MICROSOFT=y

##
## file: drivers/hid/bpf/Kconfig
##
CONFIG_HID_BPF=y

##
## file: drivers/hid/i2c-hid/Kconfig
##
Expand Down Expand Up @@ -1342,6 +1349,19 @@ CONFIG_PM_TEST_SUSPEND=y
CONFIG_WQ_POWER_EFFICIENT_DEFAULT=y
CONFIG_ENERGY_MODEL=y

##
## file: kernel/trace/Kconfig
##
CONFIG_KPROBE_EVENTS=y
CONFIG_UPROBE_EVENTS=y

##
## file: lib/Kconfig.debug
##
# CONFIG_DEBUG_INFO_REDUCED is not set
# CONFIG_DEBUG_INFO_SPLIT is not set
CONFIG_DEBUG_INFO_BTF=y

##
## file: net/Kconfig
##
Expand Down Expand Up @@ -1503,6 +1523,17 @@ CONFIG_CFG80211_DEBUGFS=y
##
CONFIG_XFRM_USER=m

##
## file: security/Kconfig
##
CONFIG_LSM="landlock"
Copy link
Copy Markdown

@diederikdehaas diederikdehaas Feb 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's the reason you choose landlock here? It's an improvement over the previous config, but by default it's a whole list, but you only enable "landlock" here.
I assume there's a good reason for it, but please document that in the commit message.

FWIW: The Debian kernel config has CONFIG_DEFAULT_SECURITY_APPARMOR=y

Copy link
Copy Markdown
Author

@hrdl-github hrdl-github Feb 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've amended my commit. The other modules are not enabled yet and I haven't looked into their function yet, so I only enabled what I could readily test.

Copy link
Copy Markdown

@diederikdehaas diederikdehaas Feb 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FTR: I would be absolutely fine to gradually enable these security features one-by-one and see what their effects are. Just document it in git commit message(s).

CONFIG_SECURITY=y

##
## file: security/landlock/Kconfig
##
CONFIG_SECURITY_LANDLOCK=y

##
## file: sound/Kconfig
##
Expand Down