Diffstat (limited to 'config')
-rw-r--r-- | config/Config-build.in | 24 | ||||
-rw-r--r-- | config/Config-kernel.in | 2 |
2 files changed, 23 insertions, 3 deletions
diff --git a/config/Config-build.in b/config/Config-build.in
index 37cc3d7e5a..8e12199cbd 100644
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -329,27 +329,45 @@ menu "Global build settings"
 endchoice
 config TARGET_ROOTFS_SECURITY_LABELS
- bool "Enable rootfs security labels"
+ bool
 select KERNEL_SQUASHFS_XATTR
 select KERNEL_EXT4_FS_SECURITY
 select KERNEL_F2FS_FS_SECURITY
 select KERNEL_UBIFS_FS_SECURITY
 select KERNEL_JFFS2_FS_SECURITY
+
+ config SELINUX
+ bool "Enable SELinux"
+ select KERNEL_SECURITY_SELINUX
+ select TARGET_ROOTFS_SECURITY_LABELS
+ select PACKAGE_procd-selinux
+ select PACKAGE_busybox-selinux
 help
- This option enables the usage of SELinux labels
+ This option enables SELinux kernel features, applies security labels
+ in squashfs rootfs and selects the selinux-variants of busybox and procd.
+
+ Selecting this option results in about 0.5MiB of additional flash space
+ usage accounting for increased kernel and rootfs size.
 choice
 prompt "default SELinux type"
 depends on TARGET_ROOTFS_SECURITY_LABELS
 default SELINUXTYPE_dssp
 help
- Choose SELinux policy to be used for build.
+ Select SELinux policy to be installed and used for applying rootfs labels.
+
 config SELINUXTYPE_targeted
 bool "targeted"
 select PACKAGE_refpolicy
+ help
+ SELinux Reference Policy (refpolicy)
+
 config SELINUXTYPE_dssp
 bool "dssp"
 select PACKAGE_selinux-policy
+ help
+ Defensec SELinux Security Policy -- OpenWrt edition
+
 endchoice
 endmenu
diff --git a/config/Config-kernel.in b/config/Config-kernel.in
index 32383dadab..dcf6df97ad 100644
--- a/config/Config-kernel.in
+++ b/config/Config-kernel.in
@@ -1124,6 +1124,7 @@ config KERNEL_SECURITY_SELINUX
 config KERNEL_SECURITY_SELINUX_BOOTPARAM
 bool "NSA SELinux boot parameter"
 depends on KERNEL_SECURITY_SELINUX
+ default y
 config KERNEL_SECURITY_SELINUX_DISABLE
 bool "NSA SELinux runtime disable"
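Review bot: The policy `choice` in Config-build.in still reads `depends on TARGET_ROOTFS_SECURITY_LABELS`, although this change makes that symbol a promptless helper that, within this hunk, only `SELINUX` selects. Gating the choice on the user-visible switch, `depends on SELINUX`, keeps the policy prompt from appearing if another option later selects the label symbol for a non-SELinux purpose. Separately, `config SELINUX` has no `depends on` in the hunk, and `select PACKAGE_procd-selinux` / `select PACKAGE_busybox-selinux` force those symbols on regardless of their own dependencies, so it is worth confirming both variants build wherever this option is offered. The new help text names only squashfs, while the selected symbols also cover ext4, f2fs, ubifs and jffs2.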
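Review bot: Both `default y` additions in Config-kernel.in turn on options that relax enforcement, and neither entry has help text saying so: `KERNEL_SECURITY_SELINUX_BOOTPARAM` here and `KERNEL_SECURITY_SELINUX_DEVELOP` in the following hunk. With the boot parameter enabled, `selinux=0` on the kernel command line switches SELinux off, so the protection is only as strong as the control over the bootloader arguments. With development support enabled, the kernel starts permissive unless `enforcing=1` is passed, and the mode can be toggled at runtime if the policy permits. Whether userspace later switches to enforcing is not visible in this diff. I would add a `help` block to each entry, for DEVELOP along the lines of `Kernel boots permissive unless enforcing=1 is given; say N for images that must always enforce.`, and mention the permissive default in the `SELINUX` help in Config-build.in as well.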
@@ -1132,6 +1133,7 @@ config KERNEL_SECURITY_SELINUX_DISABLE
 config KERNEL_SECURITY_SELINUX_DEVELOP
 bool "NSA SELinux Development Support"
 depends on KERNEL_SECURITY_SELINUX
+ default y
 config KERNEL_LSM
 string |