From 7146892d0767452eb04d5723b4dc535038887cad Mon Sep 17 00:00:00 2001
From: Anastasios Papagiannis
Date: Mon, 12 Feb 2024 12:02:04 +0000
Subject: [PATCH] feat: enable CONFIG_SECURITY_PATH and CONFIG_BPF_LSM

Both in arm64 and amd64.

Signed-off-by: Anastasios Papagiannis
Signed-off-by: Andrey Smirnov
(cherry picked from commit 4340508d59acb9ca6da2cdad0165910f7216a990)
---
 kernel/build/config-amd64 | 6 +++---
 kernel/build/config-arm64 | 5 +++--
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/kernel/build/config-amd64 b/kernel/build/config-amd64
index b353bc10..ee7c3c56 100644
--- a/kernel/build/config-amd64
+++ b/kernel/build/config-amd64
@@ -119,7 +119,7 @@ CONFIG_BPF_JIT_ALWAYS_ON=y
 CONFIG_BPF_JIT_DEFAULT_ON=y
 # CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
 # CONFIG_BPF_PRELOAD is not set
-# CONFIG_BPF_LSM is not set
+CONFIG_BPF_LSM=y
 # end of BPF subsystem
 
 CONFIG_PREEMPT_NONE_BUILD=y
@@ -5208,7 +5208,7 @@ CONFIG_SECURITYFS=y
 CONFIG_SECURITY_NETWORK=y
 # CONFIG_SECURITY_INFINIBAND is not set
 CONFIG_SECURITY_NETWORK_XFRM=y
-# CONFIG_SECURITY_PATH is not set
+CONFIG_SECURITY_PATH=y
 # CONFIG_INTEL_TXT is not set
 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
 CONFIG_HARDENED_USERCOPY=y
@@ -5259,7 +5259,7 @@ CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y
 # CONFIG_IMA_DISABLE_HTABLE is not set
 # CONFIG_EVM is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_LSM="yama,loadpin,safesetid,integrity"
+CONFIG_LSM="yama,loadpin,safesetid,integrity,bpf"
 
 #
 # Kernel hardening options
diff --git a/kernel/build/config-arm64 b/kernel/build/config-arm64
index 21c7d619..ff053549 100644
--- a/kernel/build/config-arm64
+++ b/kernel/build/config-arm64
@@ -101,7 +101,7 @@ CONFIG_BPF_JIT_ALWAYS_ON=y
 CONFIG_BPF_JIT_DEFAULT_ON=y
 # CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
 # CONFIG_BPF_PRELOAD is not set
-# CONFIG_BPF_LSM is not set
+CONFIG_BPF_LSM=y
 # end of BPF subsystem
 
 CONFIG_PREEMPT_NONE_BUILD=y
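Review bot: The `CONFIG_LSM` change in the config-amd64 hunk at -5259 (and the matching config-arm64 hunk at -7792) is not mentioned in the commit message, which names only `CONFIG_SECURITY_PATH` and `CONFIG_BPF_LSM`. It is the line that puts `bpf` into the default LSM list, so it decides whether the BPF LSM is initialised at boot rather than merely built in. I would add a sentence to the description such as `Also append bpf to CONFIG_LSM so the BPF LSM is enabled by default.` An `lsm=` kernel command-line parameter replaces this list, so any boot configuration that sets one needs `bpf` added there as well.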
@@ -7744,6 +7744,7 @@ CONFIG_SECURITY_NETWORK=y
 CONFIG_SECURITY_NETWORK_XFRM=y
 # CONFIG_SECURITY_PATH is not set
 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
+CONFIG_SECURITY_PATH=y
 CONFIG_HARDENED_USERCOPY=y
 CONFIG_FORTIFY_SOURCE=y
 # CONFIG_STATIC_USERMODEHELPER is not set
@@ -7792,7 +7793,7 @@ CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y
 # CONFIG_IMA_DISABLE_HTABLE is not set
 # CONFIG_EVM is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_LSM="yama,loadpin,safesetid,integrity"
+CONFIG_LSM="yama,loadpin,safesetid,integrity,bpf"
 
 #
 # Kernel hardening options
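Review bot: In the config-arm64 hunk at -7744, `CONFIG_SECURITY_PATH=y` is added after `CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y` while the existing `# CONFIG_SECURITY_PATH is not set` line stays as context, so the file now carries two contradictory entries for the same symbol. Kconfig normally lets the later assignment win and emits an override warning, so the option is probably enabled, but anyone auditing or grepping the config for the "is not set" form will read the path-based hooks as disabled on arm64. Replace the comment line in place, as the config-amd64 hunk does: `-# CONFIG_SECURITY_PATH is not set` followed by `+CONFIG_SECURITY_PATH=y`. Regenerating the file with `make olddefconfig` would also normalise the position and catch any dependency changes.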