[PATCH testsuite] defconfig: add NETFILTER_XT_MATCH_STATE and NFS_V4_1

[PATCH testsuite] defconfig: add NETFILTER_XT_MATCH_STATE and NFS_V4_1

[Stephen Smalley]

When generating a kernel config for testing per the README.md instructions
based on localmodconfig followed by merge_config.sh with this defconfig
fragment, I found that certain tests were failing due to missing options.
We need NETFILTER_XT_MATCH_STATE for some of the tests/inet_socket tests
and NFS_V4_1 as a dependency for enabling NFS_V4_2 for the labeled nfs
tests.

Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
---
 defconfig | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/defconfig b/defconfig
index 00bf9f3..0c96408 100644
--- a/defconfig
+++ b/defconfig
@@ -21,6 +21,7 @@ CONFIG_NETWORK_SECMARK=y
 CONFIG_NF_CONNTRACK_SECMARK=y
 CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m
 CONFIG_NETFILTER_XT_TARGET_SECMARK=m
+CONFIG_NETFILTER_XT_MATCH_STATE=m
 CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m # used for testing sctp
 
 # Filesystem security labeling support.
@@ -99,6 +100,7 @@ CONFIG_QFMT_V2=y
 # This is not required for SELinux operation itself.
 CONFIG_NFS_FS=m
 CONFIG_NFS_V4=m
+CONFIG_NFS_V4_1=y
 CONFIG_NFS_V4_2=y
 CONFIG_NFS_V4_SECURITY_LABEL=y
 CONFIG_NFSD=m
-- 
2.25.1

Re: [PATCH testsuite] defconfig: add NETFILTER_XT_MATCH_STATE and NFS_V4_1

[Paul Moore]

On Tue, Jun 9, 2020 at 11:18 AM Stephen Smalley
<stephen.smalley.work@gmail.com> wrote:
>
> When generating a kernel config for testing per the README.md instructions
> based on localmodconfig followed by merge_config.sh with this defconfig
> fragment, I found that certain tests were failing due to missing options.
> We need NETFILTER_XT_MATCH_STATE for some of the tests/inet_socket tests
> and NFS_V4_1 as a dependency for enabling NFS_V4_2 for the labeled nfs
> tests.
>
> Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
> ---
>  defconfig | 2 ++
>  1 file changed, 2 insertions(+)

Acked-by: Paul Moore <paul@paul-moore.com>

> diff --git a/defconfig b/defconfig
> index 00bf9f3..0c96408 100644
> --- a/defconfig
> +++ b/defconfig
> @@ -21,6 +21,7 @@ CONFIG_NETWORK_SECMARK=y
>  CONFIG_NF_CONNTRACK_SECMARK=y
>  CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m
>  CONFIG_NETFILTER_XT_TARGET_SECMARK=m
> +CONFIG_NETFILTER_XT_MATCH_STATE=m
>  CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m # used for testing sctp
>
>  # Filesystem security labeling support.
> @@ -99,6 +100,7 @@ CONFIG_QFMT_V2=y
>  # This is not required for SELinux operation itself.
>  CONFIG_NFS_FS=m
>  CONFIG_NFS_V4=m
> +CONFIG_NFS_V4_1=y
>  CONFIG_NFS_V4_2=y
>  CONFIG_NFS_V4_SECURITY_LABEL=y
>  CONFIG_NFSD=m
> --
> 2.25.1
>


-- 
paul moore
www.paul-moore.com

Re: [PATCH testsuite] defconfig: add NETFILTER_XT_MATCH_STATE and NFS_V4_1

[Ondrej Mosnacek]

On Wed, Jun 10, 2020 at 4:40 PM Paul Moore <paul@paul-moore.com> wrote:
> On Tue, Jun 9, 2020 at 11:18 AM Stephen Smalley
> <stephen.smalley.work@gmail.com> wrote:
> >
> > When generating a kernel config for testing per the README.md instructions
> > based on localmodconfig followed by merge_config.sh with this defconfig
> > fragment, I found that certain tests were failing due to missing options.
> > We need NETFILTER_XT_MATCH_STATE for some of the tests/inet_socket tests
> > and NFS_V4_1 as a dependency for enabling NFS_V4_2 for the labeled nfs
> > tests.
> >
> > Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
> > ---
> >  defconfig | 2 ++
> >  1 file changed, 2 insertions(+)
>
> Acked-by: Paul Moore <paul@paul-moore.com>

Now applied, thanks!

-- 
Ondrej Mosnacek
Software Engineer, Platform Security - SELinux kernel
Red Hat, Inc.