From 4340508d59acb9ca6da2cdad0165910f7216a990 Mon Sep 17 00:00:00 2001
From: Anastasios Papagiannis <tasos.papagiannnis@gmail.com>
Date: Mon, 12 Feb 2024 12:02:04 +0000
Subject: [PATCH] feat: enable CONFIG_SECURITY_PATH and CONFIG_BPF_LSM

Both in arm64 and amd64.

Signed-off-by: Anastasios Papagiannis <tasos.papagiannnis@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
---
 kernel/build/config-amd64 | 6 +++---
 kernel/build/config-arm64 | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/kernel/build/config-amd64 b/kernel/build/config-amd64
index 7667f9a9d..a8d851e7b 100644
--- a/kernel/build/config-amd64
+++ b/kernel/build/config-amd64
@@ -119,7 +119,7 @@ CONFIG_BPF_JIT_ALWAYS_ON=y
 CONFIG_BPF_JIT_DEFAULT_ON=y
 # CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
 # CONFIG_BPF_PRELOAD is not set
-# CONFIG_BPF_LSM is not set
+CONFIG_BPF_LSM=y
 # end of BPF subsystem
 
 CONFIG_PREEMPT_BUILD=y
@@ -5627,7 +5627,7 @@ CONFIG_SECURITYFS=y
 CONFIG_SECURITY_NETWORK=y
 # CONFIG_SECURITY_INFINIBAND is not set
 CONFIG_SECURITY_NETWORK_XFRM=y
-# CONFIG_SECURITY_PATH is not set
+CONFIG_SECURITY_PATH=y
 # CONFIG_INTEL_TXT is not set
 CONFIG_HARDENED_USERCOPY=y
 CONFIG_FORTIFY_SOURCE=y
@@ -5677,7 +5677,7 @@ CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y
 # CONFIG_IMA_DISABLE_HTABLE is not set
 # CONFIG_EVM is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_LSM="yama,loadpin,safesetid,integrity"
+CONFIG_LSM="yama,loadpin,safesetid,integrity,bpf"
 
 #
 # Kernel hardening options
diff --git a/kernel/build/config-arm64 b/kernel/build/config-arm64
index 8b21a6ae9..f43389ec7 100644
--- a/kernel/build/config-arm64
+++ b/kernel/build/config-arm64
@@ -100,7 +100,7 @@ CONFIG_BPF_JIT_ALWAYS_ON=y
 CONFIG_BPF_JIT_DEFAULT_ON=y
 # CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
 # CONFIG_BPF_PRELOAD is not set
-# CONFIG_BPF_LSM is not set
+CONFIG_BPF_LSM=y
 # end of BPF subsystem
 
 CONFIG_PREEMPT_VOLUNTARY_BUILD=y
@@ -8338,7 +8338,7 @@ CONFIG_SECURITYFS=y
 CONFIG_SECURITY_NETWORK=y
 # CONFIG_SECURITY_INFINIBAND is not set
 CONFIG_SECURITY_NETWORK_XFRM=y
-# CONFIG_SECURITY_PATH is not set
+CONFIG_SECURITY_PATH=y
 CONFIG_HARDENED_USERCOPY=y
 CONFIG_FORTIFY_SOURCE=y
 # CONFIG_STATIC_USERMODEHELPER is not set
@@ -8387,7 +8387,7 @@ CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y
 # CONFIG_IMA_DISABLE_HTABLE is not set
 # CONFIG_EVM is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_LSM="yama,loadpin,safesetid,integrity"
+CONFIG_LSM="yama,loadpin,safesetid,integrity,bpf"
 
 #
 # Kernel hardening options