From 070f777d2b4ae164abd131b05e72b1f083f446bd Mon Sep 17 00:00:00 2001 From: Jan200101 Date: Mar 10 2024 13:56:07 +0000 Subject: kernel 6.7.9 disable early lockdown I hate this --- diff --git a/SOURCES/kernel-aarch64-16k-debug-fedora.config b/SOURCES/kernel-aarch64-16k-debug-fedora.config index 9ff368c..23ac463 100644 --- a/SOURCES/kernel-aarch64-16k-debug-fedora.config +++ b/SOURCES/kernel-aarch64-16k-debug-fedora.config @@ -7018,7 +7018,7 @@ CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_LANDLOCK=y # CONFIG_SECURITY_LOADPIN is not set -CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y diff --git a/SOURCES/kernel-aarch64-16k-fedora.config b/SOURCES/kernel-aarch64-16k-fedora.config index 4a2d617..254b9f7 100644 --- a/SOURCES/kernel-aarch64-16k-fedora.config +++ b/SOURCES/kernel-aarch64-16k-fedora.config @@ -6991,7 +6991,7 @@ CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_LANDLOCK=y # CONFIG_SECURITY_LOADPIN is not set -CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y diff --git a/SOURCES/kernel-aarch64-64k-debug-rhel.config b/SOURCES/kernel-aarch64-64k-debug-rhel.config index 5350ae9..8f90f0c 100644 --- a/SOURCES/kernel-aarch64-64k-debug-rhel.config +++ b/SOURCES/kernel-aarch64-64k-debug-rhel.config @@ -5650,7 +5650,7 @@ CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY_LANDLOCK is not set # CONFIG_SECURITY_LOADPIN is not set -CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y diff --git a/SOURCES/kernel-aarch64-64k-rhel.config b/SOURCES/kernel-aarch64-64k-rhel.config index 4186861..f32a0b9 100644 --- a/SOURCES/kernel-aarch64-64k-rhel.config +++ b/SOURCES/kernel-aarch64-64k-rhel.config @@ -5627,7 +5627,7 @@ CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY_LANDLOCK is not set # CONFIG_SECURITY_LOADPIN is not set -CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y diff --git a/SOURCES/kernel-aarch64-debug-fedora.config b/SOURCES/kernel-aarch64-debug-fedora.config index f94d35a..7704b5c 100644 --- a/SOURCES/kernel-aarch64-debug-fedora.config +++ b/SOURCES/kernel-aarch64-debug-fedora.config @@ -7018,7 +7018,7 @@ CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_LANDLOCK=y # CONFIG_SECURITY_LOADPIN is not set -CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y diff --git a/SOURCES/kernel-aarch64-debug-rhel.config b/SOURCES/kernel-aarch64-debug-rhel.config index 07cd10c..8367fd8 100644 --- a/SOURCES/kernel-aarch64-debug-rhel.config +++ b/SOURCES/kernel-aarch64-debug-rhel.config @@ -5646,7 +5646,7 @@ CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY_LANDLOCK is not set # CONFIG_SECURITY_LOADPIN is not set -CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y diff --git a/SOURCES/kernel-aarch64-fedora.config b/SOURCES/kernel-aarch64-fedora.config index 738e4be..b638903 100644 --- a/SOURCES/kernel-aarch64-fedora.config +++ b/SOURCES/kernel-aarch64-fedora.config @@ -6991,7 +6991,7 @@ CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_LANDLOCK=y # CONFIG_SECURITY_LOADPIN is not set -CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y diff --git a/SOURCES/kernel-aarch64-rhel.config b/SOURCES/kernel-aarch64-rhel.config index 8d41ffa..e593728 100644 --- a/SOURCES/kernel-aarch64-rhel.config +++ b/SOURCES/kernel-aarch64-rhel.config @@ -5623,7 +5623,7 @@ CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY_LANDLOCK is not set # CONFIG_SECURITY_LOADPIN is not set -CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y diff --git a/SOURCES/kernel-aarch64-rt-debug-rhel.config b/SOURCES/kernel-aarch64-rt-debug-rhel.config index 6ff8207..8467f47 100644 --- a/SOURCES/kernel-aarch64-rt-debug-rhel.config +++ b/SOURCES/kernel-aarch64-rt-debug-rhel.config @@ -5698,7 +5698,7 @@ CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY_LANDLOCK is not set # CONFIG_SECURITY_LOADPIN is not set -CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y diff --git a/SOURCES/kernel-aarch64-rt-rhel.config b/SOURCES/kernel-aarch64-rt-rhel.config index 4f7912e..7035ff7 100644 --- a/SOURCES/kernel-aarch64-rt-rhel.config +++ b/SOURCES/kernel-aarch64-rt-rhel.config @@ -5675,7 +5675,7 @@ CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY_LANDLOCK is not set # CONFIG_SECURITY_LOADPIN is not set -CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y diff --git a/SOURCES/kernel-ppc64le-debug-fedora.config b/SOURCES/kernel-ppc64le-debug-fedora.config index 972cfc8..4764705 100644 --- a/SOURCES/kernel-ppc64le-debug-fedora.config +++ b/SOURCES/kernel-ppc64le-debug-fedora.config @@ -5728,7 +5728,7 @@ CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_LANDLOCK=y # CONFIG_SECURITY_LOADPIN is not set -CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y diff --git a/SOURCES/kernel-ppc64le-debug-rhel.config b/SOURCES/kernel-ppc64le-debug-rhel.config index bb0d6df..7a0d8e1 100644 --- a/SOURCES/kernel-ppc64le-debug-rhel.config +++ b/SOURCES/kernel-ppc64le-debug-rhel.config @@ -5194,7 +5194,7 @@ CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY_LANDLOCK is not set # CONFIG_SECURITY_LOADPIN is not set -CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y diff --git a/SOURCES/kernel-ppc64le-fedora.config b/SOURCES/kernel-ppc64le-fedora.config index f3382b9..d8b860a 100644 --- a/SOURCES/kernel-ppc64le-fedora.config +++ b/SOURCES/kernel-ppc64le-fedora.config @@ -5699,7 +5699,7 @@ CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_LANDLOCK=y # CONFIG_SECURITY_LOADPIN is not set -CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y diff --git a/SOURCES/kernel-ppc64le-rhel.config b/SOURCES/kernel-ppc64le-rhel.config index dc57e1d..cf7e0ce 100644 --- a/SOURCES/kernel-ppc64le-rhel.config +++ b/SOURCES/kernel-ppc64le-rhel.config @@ -5173,7 +5173,7 @@ CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY_LANDLOCK is not set # CONFIG_SECURITY_LOADPIN is not set -CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y diff --git a/SOURCES/kernel-s390x-debug-fedora.config b/SOURCES/kernel-s390x-debug-fedora.config index ea107d3..1d6a192 100644 --- a/SOURCES/kernel-s390x-debug-fedora.config +++ b/SOURCES/kernel-s390x-debug-fedora.config @@ -5659,7 +5659,7 @@ CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_LANDLOCK=y # CONFIG_SECURITY_LOADPIN is not set -CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y diff --git a/SOURCES/kernel-s390x-debug-rhel.config b/SOURCES/kernel-s390x-debug-rhel.config index c0f9b83..b65f692 100644 --- a/SOURCES/kernel-s390x-debug-rhel.config +++ b/SOURCES/kernel-s390x-debug-rhel.config @@ -5173,7 +5173,7 @@ CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY_LANDLOCK is not set # CONFIG_SECURITY_LOADPIN is not set -CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y diff --git a/SOURCES/kernel-s390x-fedora.config b/SOURCES/kernel-s390x-fedora.config index e61d28b..7d02453 100644 --- a/SOURCES/kernel-s390x-fedora.config +++ b/SOURCES/kernel-s390x-fedora.config @@ -5630,7 +5630,7 @@ CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_LANDLOCK=y # CONFIG_SECURITY_LOADPIN is not set -CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y diff --git a/SOURCES/kernel-s390x-rhel.config b/SOURCES/kernel-s390x-rhel.config index 654b6ca..0eeed81 100644 --- a/SOURCES/kernel-s390x-rhel.config +++ b/SOURCES/kernel-s390x-rhel.config @@ -5152,7 +5152,7 @@ CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY_LANDLOCK is not set # CONFIG_SECURITY_LOADPIN is not set -CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y diff --git a/SOURCES/kernel-s390x-zfcpdump-rhel.config b/SOURCES/kernel-s390x-zfcpdump-rhel.config index 6840b0a..a3688c1 100644 --- a/SOURCES/kernel-s390x-zfcpdump-rhel.config +++ b/SOURCES/kernel-s390x-zfcpdump-rhel.config @@ -5170,7 +5170,7 @@ CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY is not set # CONFIG_SECURITY_LANDLOCK is not set # CONFIG_SECURITY_LOADPIN is not set -CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y diff --git a/SOURCES/kernel-x86_64-debug-fedora.config b/SOURCES/kernel-x86_64-debug-fedora.config index c53228e..fb05296 100644 --- a/SOURCES/kernel-x86_64-debug-fedora.config +++ b/SOURCES/kernel-x86_64-debug-fedora.config @@ -6107,7 +6107,7 @@ CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_LANDLOCK=y # CONFIG_SECURITY_LOADPIN is not set -CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y diff --git a/SOURCES/kernel-x86_64-debug-rhel.config b/SOURCES/kernel-x86_64-debug-rhel.config index 3e6acda..97ef3dd 100644 --- a/SOURCES/kernel-x86_64-debug-rhel.config +++ b/SOURCES/kernel-x86_64-debug-rhel.config @@ -5405,7 +5405,7 @@ CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY_LANDLOCK is not set # CONFIG_SECURITY_LOADPIN is not set -CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y diff --git a/SOURCES/kernel-x86_64-fedora.config b/SOURCES/kernel-x86_64-fedora.config index 6b6f84a..5f4d43c 100644 --- a/SOURCES/kernel-x86_64-fedora.config +++ b/SOURCES/kernel-x86_64-fedora.config @@ -6079,7 +6079,7 @@ CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_LANDLOCK=y # CONFIG_SECURITY_LOADPIN is not set -CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y diff --git a/SOURCES/kernel-x86_64-rhel.config b/SOURCES/kernel-x86_64-rhel.config index 60ae0b8..e460396 100644 --- a/SOURCES/kernel-x86_64-rhel.config +++ b/SOURCES/kernel-x86_64-rhel.config @@ -5383,7 +5383,7 @@ CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY_LANDLOCK is not set # CONFIG_SECURITY_LOADPIN is not set -CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y diff --git a/SOURCES/kernel-x86_64-rt-debug-rhel.config b/SOURCES/kernel-x86_64-rt-debug-rhel.config index 5f037bb..e93fcef 100644 --- a/SOURCES/kernel-x86_64-rt-debug-rhel.config +++ b/SOURCES/kernel-x86_64-rt-debug-rhel.config @@ -5457,7 +5457,7 @@ CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY_LANDLOCK is not set # CONFIG_SECURITY_LOADPIN is not set -CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y diff --git a/SOURCES/kernel-x86_64-rt-rhel.config b/SOURCES/kernel-x86_64-rt-rhel.config index 2fcde56..50338c2 100644 --- a/SOURCES/kernel-x86_64-rt-rhel.config +++ b/SOURCES/kernel-x86_64-rt-rhel.config @@ -5435,7 +5435,7 @@ CONFIG_SECURITYFS=y CONFIG_SECURITY_INFINIBAND=y # CONFIG_SECURITY_LANDLOCK is not set # CONFIG_SECURITY_LOADPIN is not set -CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK=y diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index 20e21ea..013fa89 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -169,7 +169,7 @@ Summary: The Linux kernel # This is needed to do merge window version magic %define patchlevel 7 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 202%{?buildid}%{?dist} +%define specrelease 203%{?buildid}%{?dist} # This defines the kabi tarball version %define kabiversion 6.7.9 @@ -3998,6 +3998,9 @@ fi\ # # %changelog +* Sun Mar 10 2024 Jan200101 - 6.7.9-203.fsync +- kernel-fsync v6.7.7 disable early lockdown + * Sat Mar 09 2024 Jan200101 - 6.7.9-202.fsync - kernel-fsync v6.7.9 AMD SFH sensitivity patch diff --git a/TOOLS/patch_configs.py b/TOOLS/patch_configs.py index 45be623..9fe038e 100755 --- a/TOOLS/patch_configs.py +++ b/TOOLS/patch_configs.py @@ -20,6 +20,7 @@ GENERIC_PATCHES = [ ["NTSYNC", None, ENABLE], ["USER_NS_UNPRIVILEGED", None, ENABLE], ["TCP_CONG_BBR2", None, MODULE], + ["SECURITY_LOCKDOWN_LSM_EARLY", None, UNSET], # device specific config # Microsoft Surface