| Message ID | 20200609151833.43523-1-stephen.smalley.work@gmail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Ondrej Mosnáček |
| Headers | show |
| Series | [testsuite] defconfig: add NETFILTER_XT_MATCH_STATE and NFS_V4_1 | expand |
On Tue, Jun 9, 2020 at 11:18 AM Stephen Smalley <stephen.smalley.work@gmail.com> wrote: > > When generating a kernel config for testing per the README.md instructions > based on localmodconfig followed by merge_config.sh with this defconfig > fragment, I found that certain tests were failing due to missing options. > We need NETFILTER_XT_MATCH_STATE for some of the tests/inet_socket tests > and NFS_V4_1 as a dependency for enabling NFS_V4_2 for the labeled nfs > tests. > > Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com> > --- > defconfig | 2 ++ > 1 file changed, 2 insertions(+) Acked-by: Paul Moore <paul@paul-moore.com> > diff --git a/defconfig b/defconfig > index 00bf9f3..0c96408 100644 > --- a/defconfig > +++ b/defconfig > @@ -21,6 +21,7 @@ CONFIG_NETWORK_SECMARK=y > CONFIG_NF_CONNTRACK_SECMARK=y > CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m > CONFIG_NETFILTER_XT_TARGET_SECMARK=m > +CONFIG_NETFILTER_XT_MATCH_STATE=m > CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m # used for testing sctp > > # Filesystem security labeling support. > @@ -99,6 +100,7 @@ CONFIG_QFMT_V2=y > # This is not required for SELinux operation itself. > CONFIG_NFS_FS=m > CONFIG_NFS_V4=m > +CONFIG_NFS_V4_1=y > CONFIG_NFS_V4_2=y > CONFIG_NFS_V4_SECURITY_LABEL=y > CONFIG_NFSD=m > -- > 2.25.1 >
On Wed, Jun 10, 2020 at 4:40 PM Paul Moore <paul@paul-moore.com> wrote: > On Tue, Jun 9, 2020 at 11:18 AM Stephen Smalley > <stephen.smalley.work@gmail.com> wrote: > > > > When generating a kernel config for testing per the README.md instructions > > based on localmodconfig followed by merge_config.sh with this defconfig > > fragment, I found that certain tests were failing due to missing options. > > We need NETFILTER_XT_MATCH_STATE for some of the tests/inet_socket tests > > and NFS_V4_1 as a dependency for enabling NFS_V4_2 for the labeled nfs > > tests. > > > > Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com> > > --- > > defconfig | 2 ++ > > 1 file changed, 2 insertions(+) > > Acked-by: Paul Moore <paul@paul-moore.com> Now applied, thanks!
diff --git a/defconfig b/defconfig index 00bf9f3..0c96408 100644 --- a/defconfig +++ b/defconfig @@ -21,6 +21,7 @@ CONFIG_NETWORK_SECMARK=y CONFIG_NF_CONNTRACK_SECMARK=y CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m CONFIG_NETFILTER_XT_TARGET_SECMARK=m +CONFIG_NETFILTER_XT_MATCH_STATE=m CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m # used for testing sctp # Filesystem security labeling support. @@ -99,6 +100,7 @@ CONFIG_QFMT_V2=y # This is not required for SELinux operation itself. CONFIG_NFS_FS=m CONFIG_NFS_V4=m +CONFIG_NFS_V4_1=y CONFIG_NFS_V4_2=y CONFIG_NFS_V4_SECURITY_LABEL=y CONFIG_NFSD=m
When generating a kernel config for testing per the README.md instructions based on localmodconfig followed by merge_config.sh with this defconfig fragment, I found that certain tests were failing due to missing options. We need NETFILTER_XT_MATCH_STATE for some of the tests/inet_socket tests and NFS_V4_1 as a dependency for enabling NFS_V4_2 for the labeled nfs tests. Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com> --- defconfig | 2 ++ 1 file changed, 2 insertions(+)