[cip-dev] Kindly review for kernel config changes

[cip-dev] Kindly review for kernel config changes

[Kento Yoshida]

[-- Attachment #1.1: Type: text/plain, Size: 1296 bytes --]

Hi,

The security working group need to use "nftables", and it requires to add the below kernel configs to work.
Before merging to the master branch of "isar-cip-core", would you kindly review to add the below configs by this Friday, everyone?

--- a/recipes-kernel/linux/files/qemu-amd64_defconfig
+++ b/recipes-kernel/linux/files/qemu-amd64_defconfig
@@ -351,3 +351,34 @@ CONFIG_CRYPTO_DEV_CCP=y
# CONFIG_XZ_DEC_ARM is not set
# CONFIG_XZ_DEC_ARMTHUMB is not set
# CONFIG_XZ_DEC_SPARC is not set
+CONFIG_NF_TABLES=y
+CONFIG_NF_TABLES_INET=y
+CONFIG_NF_TABLES_NETDEV=y
+CONFIG_NFT_EXTHDR=y
+CONFIG_NFT_META=y
+CONFIG_NFT_CT=y
+CONFIG_NFT_RBTREE=y
+CONFIG_NFT_HASH=y
+CONFIG_NFT_COUNTER=y
+CONFIG_NFT_LOG=y
+CONFIG_NFT_LIMIT=y
+CONFIG_NFT_MASQ=y
+CONFIG_NFT_REDIR=y
+CONFIG_NFT_NAT=y
+CONFIG_NFT_QUEUE=y
+CONFIG_NFT_REJECT=y
+CONFIG_NFT_REJECT_INET=y
+CONFIG_NFT_COMPAT=y
+CONFIG_NFT_CHAIN_ROUTE_IPV4=y
+CONFIG_NFT_REJECT_IPV4=y
+CONFIG_NFT_CHAIN_NAT_IPV4=y
+CONFIG_NFT_MASQ_IPV4=y
+# CONFIG_NFT_REDIR_IPV4 is not set
+CONFIG_NFT_CHAIN_ROUTE_IPV6=y
+CONFIG_NFT_REJECT_IPV6=y
+CONFIG_NFT_CHAIN_NAT_IPV6=y
+CONFIG_NFT_MASQ_IPV6=y
+# CONFIG_NFT_REDIR_IPV6 is not set
+CONFIG_NFT_BRIDGE_META=y
+CONFIG_NFT_BRIDGE_REJECT=y
+CONFIG_NF_LOG_BRIDGE=y

BR, Kent

[-- Attachment #1.2: Type: text/html, Size: 9061 bytes --]

[-- Attachment #2: Type: text/plain, Size: 419 bytes --]

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#4943): https://lists.cip-project.org/g/cip-dev/message/4943
Mute This Topic: https://lists.cip-project.org/mt/75699231/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy  [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [cip-dev] Kindly review for kernel config changes

[Daniel Sangorrin]

[-- Attachment #1: Type: text/plain, Size: 1985 bytes --]

Hi Kent,

The configuration should go to https://gitlab.com/cip-project/cip-kernel/cip-kernel-config not isar-cip-core.

isar-cip-core and deby share cip-kernel-config configuration files.
*isar-cip-core still has the configuration files there but conf/machine files with USE_CIP_KERNEL_CONFIG = "1" do not use them anymore.

Actually that is a nother AI.

Thanks,
Daniel

________________________________________
From: cip-dev@lists.cip-project.org <cip-dev@lists.cip-project.org> on behalf of Kento Yoshida <kento.yoshida.wz@renesas.com>
Sent: Tuesday, July 21, 2020 4:12 PM
To: cip-dev@lists.cip-project.org
Subject: [cip-dev] Kindly review for kernel config changes

Hi,

The security working group need to use "nftables", and it requires to add the below kernel configs to work.
Before merging to the master branch of "isar-cip-core", would you kindly review to add the below configs by this Friday, everyone?

--- a/recipes-kernel/linux/files/qemu-amd64_defconfig
+++ b/recipes-kernel/linux/files/qemu-amd64_defconfig
@@ -351,3 +351,34 @@ CONFIG_CRYPTO_DEV_CCP=y
# CONFIG_XZ_DEC_ARM is not set
# CONFIG_XZ_DEC_ARMTHUMB is not set
# CONFIG_XZ_DEC_SPARC is not set
+CONFIG_NF_TABLES=y
+CONFIG_NF_TABLES_INET=y
+CONFIG_NF_TABLES_NETDEV=y
+CONFIG_NFT_EXTHDR=y
+CONFIG_NFT_META=y
+CONFIG_NFT_CT=y
+CONFIG_NFT_RBTREE=y
+CONFIG_NFT_HASH=y
+CONFIG_NFT_COUNTER=y
+CONFIG_NFT_LOG=y
+CONFIG_NFT_LIMIT=y
+CONFIG_NFT_MASQ=y
+CONFIG_NFT_REDIR=y
+CONFIG_NFT_NAT=y
+CONFIG_NFT_QUEUE=y
+CONFIG_NFT_REJECT=y
+CONFIG_NFT_REJECT_INET=y
+CONFIG_NFT_COMPAT=y
+CONFIG_NFT_CHAIN_ROUTE_IPV4=y
+CONFIG_NFT_REJECT_IPV4=y
+CONFIG_NFT_CHAIN_NAT_IPV4=y
+CONFIG_NFT_MASQ_IPV4=y
+# CONFIG_NFT_REDIR_IPV4 is not set
+CONFIG_NFT_CHAIN_ROUTE_IPV6=y
+CONFIG_NFT_REJECT_IPV6=y
+CONFIG_NFT_CHAIN_NAT_IPV6=y
+CONFIG_NFT_MASQ_IPV6=y
+# CONFIG_NFT_REDIR_IPV6 is not set
+CONFIG_NFT_BRIDGE_META=y
+CONFIG_NFT_BRIDGE_REJECT=y
+CONFIG_NF_LOG_BRIDGE=y

BR, Kent

[-- Attachment #2: Type: text/plain, Size: 419 bytes --]

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#4945): https://lists.cip-project.org/g/cip-dev/message/4945
Mute This Topic: https://lists.cip-project.org/mt/75699231/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy  [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [cip-dev] Kindly review for kernel config changes

[Kento Yoshida]

[-- Attachment #1: Type: text/plain, Size: 2990 bytes --]

>isar-cip-core and deby share cip-kernel-config configuration files.
>*isar-cip-core still has the configuration files there but conf/machine files with
>USE_CIP_KERNEL_CONFIG = "1" do not use them anymore.

I see. Thank you, Daniel.
But, I'm wondering why conf/machine/qemu-amd64.conf doesn't define USE_CIP_KERNEL_CONFIG = "1".

Do you have any information for this, Dinesh or Venkata?
I think we should reconfirm to add these configs to https://gitlab.com/cip-project/cip-kernel/cip-kernel-config/-/blob/master/4.19.y-cip/x86/cip_qemu_defconfig.
Or, have you already confirmed to build the image using this?

BR, Kent

>-----Original Message-----
>From: cip-dev@lists.cip-project.org <cip-dev@lists.cip-project.org> On Behalf Of
>Daniel Sangorrin via lists.cip-project.org
>Sent: Tuesday, July 21, 2020 4:57 PM
>To: cip-dev@lists.cip-project.org
>Subject: Re: [cip-dev] Kindly review for kernel config changes
>
>Hi Kent,
>
>The configuration should go to
>https://gitlab.com/cip-project/cip-kernel/cip-kernel-config not isar-cip-core.
>
>isar-cip-core and deby share cip-kernel-config configuration files.
>*isar-cip-core still has the configuration files there but conf/machine files with
>USE_CIP_KERNEL_CONFIG = "1" do not use them anymore.
>
>Actually that is a nother AI.
>
>Thanks,
>Daniel
>
>________________________________________
>From: cip-dev@lists.cip-project.org <cip-dev@lists.cip-project.org> on behalf of
>Kento Yoshida <kento.yoshida.wz@renesas.com>
>Sent: Tuesday, July 21, 2020 4:12 PM
>To: cip-dev@lists.cip-project.org
>Subject: [cip-dev] Kindly review for kernel config changes
>
>Hi,
>
>The security working group need to use "nftables", and it requires to add the
>below kernel configs to work.
>Before merging to the master branch of "isar-cip-core", would you kindly review to
>add the below configs by this Friday, everyone?
>
>--- a/recipes-kernel/linux/files/qemu-amd64_defconfig
>+++ b/recipes-kernel/linux/files/qemu-amd64_defconfig
>@@ -351,3 +351,34 @@ CONFIG_CRYPTO_DEV_CCP=y # CONFIG_XZ_DEC_ARM
>is not set # CONFIG_XZ_DEC_ARMTHUMB is not set # CONFIG_XZ_DEC_SPARC is
>not set
>+CONFIG_NF_TABLES=y
>+CONFIG_NF_TABLES_INET=y
>+CONFIG_NF_TABLES_NETDEV=y
>+CONFIG_NFT_EXTHDR=y
>+CONFIG_NFT_META=y
>+CONFIG_NFT_CT=y
>+CONFIG_NFT_RBTREE=y
>+CONFIG_NFT_HASH=y
>+CONFIG_NFT_COUNTER=y
>+CONFIG_NFT_LOG=y
>+CONFIG_NFT_LIMIT=y
>+CONFIG_NFT_MASQ=y
>+CONFIG_NFT_REDIR=y
>+CONFIG_NFT_NAT=y
>+CONFIG_NFT_QUEUE=y
>+CONFIG_NFT_REJECT=y
>+CONFIG_NFT_REJECT_INET=y
>+CONFIG_NFT_COMPAT=y
>+CONFIG_NFT_CHAIN_ROUTE_IPV4=y
>+CONFIG_NFT_REJECT_IPV4=y
>+CONFIG_NFT_CHAIN_NAT_IPV4=y
>+CONFIG_NFT_MASQ_IPV4=y
>+# CONFIG_NFT_REDIR_IPV4 is not set
>+CONFIG_NFT_CHAIN_ROUTE_IPV6=y
>+CONFIG_NFT_REJECT_IPV6=y
>+CONFIG_NFT_CHAIN_NAT_IPV6=y
>+CONFIG_NFT_MASQ_IPV6=y
>+# CONFIG_NFT_REDIR_IPV6 is not set
>+CONFIG_NFT_BRIDGE_META=y
>+CONFIG_NFT_BRIDGE_REJECT=y
>+CONFIG_NF_LOG_BRIDGE=y
>
>BR, Kent

[-- Attachment #2: Type: text/plain, Size: 419 bytes --]

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#4949): https://lists.cip-project.org/g/cip-dev/message/4949
Mute This Topic: https://lists.cip-project.org/mt/75699231/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy  [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [cip-dev] Kindly review for kernel config changes

[Daniel Sangorrin]

[-- Attachment #1: Type: text/plain, Size: 3620 bytes --]

Hi Kent,

Let me check if we can use the cip-kernel-config version on ISAR and remove the one in isar-cip-core.

I will also add nftables as a fragment to isar-cip-core until you tell me that it needs long-term support. If it needs long-term support we will have to move it to cip-kernel-config.

Thanks,
Daniel

________________________________________
From: cip-dev@lists.cip-project.org <cip-dev@lists.cip-project.org> on behalf of Kento Yoshida <kento.yoshida.wz@renesas.com>
Sent: Tuesday, July 21, 2020 5:40 PM
To: cip-dev@lists.cip-project.org
Subject: Re: [cip-dev] Kindly review for kernel config changes

>isar-cip-core and deby share cip-kernel-config configuration files.
>*isar-cip-core still has the configuration files there but conf/machine files with
>USE_CIP_KERNEL_CONFIG = "1" do not use them anymore.

I see. Thank you, Daniel.
But, I'm wondering why conf/machine/qemu-amd64.conf doesn't define USE_CIP_KERNEL_CONFIG = "1".

Do you have any information for this, Dinesh or Venkata?
I think we should reconfirm to add these configs to https://gitlab.com/cip-project/cip-kernel/cip-kernel-config/-/blob/master/4.19.y-cip/x86/cip_qemu_defconfig.
Or, have you already confirmed to build the image using this?

BR, Kent

>-----Original Message-----
>From: cip-dev@lists.cip-project.org <cip-dev@lists.cip-project.org> On Behalf Of
>Daniel Sangorrin via lists.cip-project.org
>Sent: Tuesday, July 21, 2020 4:57 PM
>To: cip-dev@lists.cip-project.org
>Subject: Re: [cip-dev] Kindly review for kernel config changes
>
>Hi Kent,
>
>The configuration should go to
>https://gitlab.com/cip-project/cip-kernel/cip-kernel-config not isar-cip-core.
>
>isar-cip-core and deby share cip-kernel-config configuration files.
>*isar-cip-core still has the configuration files there but conf/machine files with
>USE_CIP_KERNEL_CONFIG = "1" do not use them anymore.
>
>Actually that is a nother AI.
>
>Thanks,
>Daniel
>
>________________________________________
>From: cip-dev@lists.cip-project.org <cip-dev@lists.cip-project.org> on behalf of
>Kento Yoshida <kento.yoshida.wz@renesas.com>
>Sent: Tuesday, July 21, 2020 4:12 PM
>To: cip-dev@lists.cip-project.org
>Subject: [cip-dev] Kindly review for kernel config changes
>
>Hi,
>
>The security working group need to use "nftables", and it requires to add the
>below kernel configs to work.
>Before merging to the master branch of "isar-cip-core", would you kindly review to
>add the below configs by this Friday, everyone?
>
>--- a/recipes-kernel/linux/files/qemu-amd64_defconfig
>+++ b/recipes-kernel/linux/files/qemu-amd64_defconfig
>@@ -351,3 +351,34 @@ CONFIG_CRYPTO_DEV_CCP=y # CONFIG_XZ_DEC_ARM
>is not set # CONFIG_XZ_DEC_ARMTHUMB is not set # CONFIG_XZ_DEC_SPARC is
>not set
>+CONFIG_NF_TABLES=y
>+CONFIG_NF_TABLES_INET=y
>+CONFIG_NF_TABLES_NETDEV=y
>+CONFIG_NFT_EXTHDR=y
>+CONFIG_NFT_META=y
>+CONFIG_NFT_CT=y
>+CONFIG_NFT_RBTREE=y
>+CONFIG_NFT_HASH=y
>+CONFIG_NFT_COUNTER=y
>+CONFIG_NFT_LOG=y
>+CONFIG_NFT_LIMIT=y
>+CONFIG_NFT_MASQ=y
>+CONFIG_NFT_REDIR=y
>+CONFIG_NFT_NAT=y
>+CONFIG_NFT_QUEUE=y
>+CONFIG_NFT_REJECT=y
>+CONFIG_NFT_REJECT_INET=y
>+CONFIG_NFT_COMPAT=y
>+CONFIG_NFT_CHAIN_ROUTE_IPV4=y
>+CONFIG_NFT_REJECT_IPV4=y
>+CONFIG_NFT_CHAIN_NAT_IPV4=y
>+CONFIG_NFT_MASQ_IPV4=y
>+# CONFIG_NFT_REDIR_IPV4 is not set
>+CONFIG_NFT_CHAIN_ROUTE_IPV6=y
>+CONFIG_NFT_REJECT_IPV6=y
>+CONFIG_NFT_CHAIN_NAT_IPV6=y
>+CONFIG_NFT_MASQ_IPV6=y
>+# CONFIG_NFT_REDIR_IPV6 is not set
>+CONFIG_NFT_BRIDGE_META=y
>+CONFIG_NFT_BRIDGE_REJECT=y
>+CONFIG_NF_LOG_BRIDGE=y
>
>BR, Kent

[-- Attachment #2: Type: text/plain, Size: 419 bytes --]

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#4954): https://lists.cip-project.org/g/cip-dev/message/4954
Mute This Topic: https://lists.cip-project.org/mt/75699231/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy  [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [cip-dev] Kindly review for kernel config changes

[Daniel Sangorrin]

[-- Attachment #1: Type: text/plain, Size: 3855 bytes --]

Hi kent

> -----Original Message-----
> From: cip-dev@lists.cip-project.org <cip-dev@lists.cip-project.org> On Behalf Of Kento Yoshida
> Sent: Tuesday, July 21, 2020 5:40 PM
> To: cip-dev@lists.cip-project.org
> Subject: Re: [cip-dev] Kindly review for kernel config changes
> 
> >isar-cip-core and deby share cip-kernel-config configuration files.
> >*isar-cip-core still has the configuration files there but conf/machine
> >files with USE_CIP_KERNEL_CONFIG = "1" do not use them anymore.
> 
> I see. Thank you, Daniel.
> But, I'm wondering why conf/machine/qemu-amd64.conf doesn't define USE_CIP_KERNEL_CONFIG = "1".

It does now.

> Do you have any information for this, Dinesh or Venkata?
> I think we should reconfirm to add these configs to https://gitlab.com/cip-project/cip-kernel/cip-kernel-config/-/blob/master/4.19.y-
> cip/x86/cip_qemu_defconfig.
> Or, have you already confirmed to build the image using this?

I would prefer if cip-kernel-config had base configurations that are later extended with fragments (board-dependendencies, security layer dependencies, etc.). However, that would be a whole new task that might take long.

For now the more realistic approach is to add the security-related kernel configs to either cip_qemu_defconfig or to a fragment in isar-cip-core and deby.

Thanks,
Daniel




> >-----Original Message-----
> >From: cip-dev@lists.cip-project.org <cip-dev@lists.cip-project.org> On
> >Behalf Of Daniel Sangorrin via lists.cip-project.org
> >Sent: Tuesday, July 21, 2020 4:57 PM
> >To: cip-dev@lists.cip-project.org
> >Subject: Re: [cip-dev] Kindly review for kernel config changes
> >
> >Hi Kent,
> >
> >The configuration should go to
> >https://gitlab.com/cip-project/cip-kernel/cip-kernel-config not isar-cip-core.
> >
> >isar-cip-core and deby share cip-kernel-config configuration files.
> >*isar-cip-core still has the configuration files there but conf/machine
> >files with USE_CIP_KERNEL_CONFIG = "1" do not use them anymore.
> >
> >Actually that is a nother AI.
> >
> >Thanks,
> >Daniel
> >
> >________________________________________
> >From: cip-dev@lists.cip-project.org <cip-dev@lists.cip-project.org> on
> >behalf of Kento Yoshida <kento.yoshida.wz@renesas.com>
> >Sent: Tuesday, July 21, 2020 4:12 PM
> >To: cip-dev@lists.cip-project.org
> >Subject: [cip-dev] Kindly review for kernel config changes
> >
> >Hi,
> >
> >The security working group need to use "nftables", and it requires to
> >add the below kernel configs to work.
> >Before merging to the master branch of "isar-cip-core", would you
> >kindly review to add the below configs by this Friday, everyone?
> >
> >--- a/recipes-kernel/linux/files/qemu-amd64_defconfig
> >+++ b/recipes-kernel/linux/files/qemu-amd64_defconfig
> >@@ -351,3 +351,34 @@ CONFIG_CRYPTO_DEV_CCP=y # CONFIG_XZ_DEC_ARM is not
> >set # CONFIG_XZ_DEC_ARMTHUMB is not set # CONFIG_XZ_DEC_SPARC is not
> >set
> >+CONFIG_NF_TABLES=y
> >+CONFIG_NF_TABLES_INET=y
> >+CONFIG_NF_TABLES_NETDEV=y
> >+CONFIG_NFT_EXTHDR=y
> >+CONFIG_NFT_META=y
> >+CONFIG_NFT_CT=y
> >+CONFIG_NFT_RBTREE=y
> >+CONFIG_NFT_HASH=y
> >+CONFIG_NFT_COUNTER=y
> >+CONFIG_NFT_LOG=y
> >+CONFIG_NFT_LIMIT=y
> >+CONFIG_NFT_MASQ=y
> >+CONFIG_NFT_REDIR=y
> >+CONFIG_NFT_NAT=y
> >+CONFIG_NFT_QUEUE=y
> >+CONFIG_NFT_REJECT=y
> >+CONFIG_NFT_REJECT_INET=y
> >+CONFIG_NFT_COMPAT=y
> >+CONFIG_NFT_CHAIN_ROUTE_IPV4=y
> >+CONFIG_NFT_REJECT_IPV4=y
> >+CONFIG_NFT_CHAIN_NAT_IPV4=y
> >+CONFIG_NFT_MASQ_IPV4=y
> >+# CONFIG_NFT_REDIR_IPV4 is not set
> >+CONFIG_NFT_CHAIN_ROUTE_IPV6=y
> >+CONFIG_NFT_REJECT_IPV6=y
> >+CONFIG_NFT_CHAIN_NAT_IPV6=y
> >+CONFIG_NFT_MASQ_IPV6=y
> >+# CONFIG_NFT_REDIR_IPV6 is not set
> >+CONFIG_NFT_BRIDGE_META=y
> >+CONFIG_NFT_BRIDGE_REJECT=y
> >+CONFIG_NF_LOG_BRIDGE=y
> >
> >BR, Kent

[-- Attachment #2: Type: text/plain, Size: 419 bytes --]

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#5085): https://lists.cip-project.org/g/cip-dev/message/5085
Mute This Topic: https://lists.cip-project.org/mt/75699231/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy  [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [cip-dev] Kindly review for kernel config changes

[Daniel Sangorrin]

[-- Attachment #1: Type: text/plain, Size: 3617 bytes --]

> > I see. Thank you, Daniel.
> > But, I'm wondering why conf/machine/qemu-amd64.conf doesn't define USE_CIP_KERNEL_CONFIG = "1".
> 
> It does now.

more accurately, it is in the next branch of isar-cip-core

> 
> > Do you have any information for this, Dinesh or Venkata?
> > I think we should reconfirm to add these configs to
> > https://gitlab.com/cip-project/cip-kernel/cip-kernel-config/-/blob/mas
> > ter/4.19.y-
> > cip/x86/cip_qemu_defconfig.
> > Or, have you already confirmed to build the image using this?
> 
> I would prefer if cip-kernel-config had base configurations that are later extended with fragments (board-dependendencies, security layer
> dependencies, etc.). However, that would be a whole new task that might take long.
> 
> For now the more realistic approach is to add the security-related kernel configs to either cip_qemu_defconfig or to a fragment in isar-cip-
> core and deby.
> 
> Thanks,
> Daniel
> 
> 
> 
> 
> > >-----Original Message-----
> > >From: cip-dev@lists.cip-project.org <cip-dev@lists.cip-project.org>
> > >On Behalf Of Daniel Sangorrin via lists.cip-project.org
> > >Sent: Tuesday, July 21, 2020 4:57 PM
> > >To: cip-dev@lists.cip-project.org
> > >Subject: Re: [cip-dev] Kindly review for kernel config changes
> > >
> > >Hi Kent,
> > >
> > >The configuration should go to
> > >https://gitlab.com/cip-project/cip-kernel/cip-kernel-config not isar-cip-core.
> > >
> > >isar-cip-core and deby share cip-kernel-config configuration files.
> > >*isar-cip-core still has the configuration files there but
> > >conf/machine files with USE_CIP_KERNEL_CONFIG = "1" do not use them anymore.
> > >
> > >Actually that is a nother AI.
> > >
> > >Thanks,
> > >Daniel
> > >
> > >________________________________________
> > >From: cip-dev@lists.cip-project.org <cip-dev@lists.cip-project.org>
> > >on behalf of Kento Yoshida <kento.yoshida.wz@renesas.com>
> > >Sent: Tuesday, July 21, 2020 4:12 PM
> > >To: cip-dev@lists.cip-project.org
> > >Subject: [cip-dev] Kindly review for kernel config changes
> > >
> > >Hi,
> > >
> > >The security working group need to use "nftables", and it requires to
> > >add the below kernel configs to work.
> > >Before merging to the master branch of "isar-cip-core", would you
> > >kindly review to add the below configs by this Friday, everyone?
> > >
> > >--- a/recipes-kernel/linux/files/qemu-amd64_defconfig
> > >+++ b/recipes-kernel/linux/files/qemu-amd64_defconfig
> > >@@ -351,3 +351,34 @@ CONFIG_CRYPTO_DEV_CCP=y # CONFIG_XZ_DEC_ARM is
> > >not set # CONFIG_XZ_DEC_ARMTHUMB is not set # CONFIG_XZ_DEC_SPARC is
> > >not set
> > >+CONFIG_NF_TABLES=y
> > >+CONFIG_NF_TABLES_INET=y
> > >+CONFIG_NF_TABLES_NETDEV=y
> > >+CONFIG_NFT_EXTHDR=y
> > >+CONFIG_NFT_META=y
> > >+CONFIG_NFT_CT=y
> > >+CONFIG_NFT_RBTREE=y
> > >+CONFIG_NFT_HASH=y
> > >+CONFIG_NFT_COUNTER=y
> > >+CONFIG_NFT_LOG=y
> > >+CONFIG_NFT_LIMIT=y
> > >+CONFIG_NFT_MASQ=y
> > >+CONFIG_NFT_REDIR=y
> > >+CONFIG_NFT_NAT=y
> > >+CONFIG_NFT_QUEUE=y
> > >+CONFIG_NFT_REJECT=y
> > >+CONFIG_NFT_REJECT_INET=y
> > >+CONFIG_NFT_COMPAT=y
> > >+CONFIG_NFT_CHAIN_ROUTE_IPV4=y
> > >+CONFIG_NFT_REJECT_IPV4=y
> > >+CONFIG_NFT_CHAIN_NAT_IPV4=y
> > >+CONFIG_NFT_MASQ_IPV4=y
> > >+# CONFIG_NFT_REDIR_IPV4 is not set
> > >+CONFIG_NFT_CHAIN_ROUTE_IPV6=y
> > >+CONFIG_NFT_REJECT_IPV6=y
> > >+CONFIG_NFT_CHAIN_NAT_IPV6=y
> > >+CONFIG_NFT_MASQ_IPV6=y
> > >+# CONFIG_NFT_REDIR_IPV6 is not set
> > >+CONFIG_NFT_BRIDGE_META=y
> > >+CONFIG_NFT_BRIDGE_REJECT=y
> > >+CONFIG_NF_LOG_BRIDGE=y
> > >
> > >BR, Kent

[-- Attachment #2: Type: text/plain, Size: 419 bytes --]

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#5086): https://lists.cip-project.org/g/cip-dev/message/5086
Mute This Topic: https://lists.cip-project.org/mt/75699231/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy  [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-