|
|
@@ -329,27 +329,45 @@ menu "Global build settings"
|
|
|
endchoice
|
|
|
|
|
|
config TARGET_ROOTFS_SECURITY_LABELS
|
|
|
- bool "Enable rootfs security labels"
|
|
|
+ bool
|
|
|
select KERNEL_SQUASHFS_XATTR
|
|
|
select KERNEL_EXT4_FS_SECURITY
|
|
|
select KERNEL_F2FS_FS_SECURITY
|
|
|
select KERNEL_UBIFS_FS_SECURITY
|
|
|
select KERNEL_JFFS2_FS_SECURITY
|
|
|
+
|
|
|
+ config SELINUX
|
|
|
+ bool "Enable SELinux"
|
|
|
+ select KERNEL_SECURITY_SELINUX
|
|
|
+ select TARGET_ROOTFS_SECURITY_LABELS
|
|
|
+ select PACKAGE_procd-selinux
|
|
|
+ select PACKAGE_busybox-selinux
|
|
|
help
|
|
|
- This option enables the usage of SELinux labels
|
|
|
+ This option enables SELinux kernel features, applies security labels
|
|
|
+ in squashfs rootfs and selects the selinux-variants of busybox and procd.
|
|
|
+
|
|
|
+ Selecting this option results in about 0.5MiB of additional flash space
|
|
|
+ usage accounting for increased kernel and rootfs size.
|
|
|
|
|
|
choice
|
|
|
prompt "default SELinux type"
|
|
|
depends on TARGET_ROOTFS_SECURITY_LABELS
|
|
|
default SELINUXTYPE_dssp
|
|
|
help
|
|
|
- Choose SELinux policy to be used for build.
|
|
|
+ Select SELinux policy to be installed and used for applying rootfs labels.
|
|
|
+
|
|
|
config SELINUXTYPE_targeted
|
|
|
bool "targeted"
|
|
|
select PACKAGE_refpolicy
|
|
|
+ help
|
|
|
+ SELinux Reference Policy (refpolicy)
|
|
|
+
|
|
|
config SELINUXTYPE_dssp
|
|
|
bool "dssp"
|
|
|
select PACKAGE_selinux-policy
|
|
|
+ help
|
|
|
+ Defensec SELinux Security Policy -- OpenWrt edition
|
|
|
+
|
|
|
endchoice
|
|
|
|
|
|
endmenu
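Review bot: The "default SELinux type" choice is still gated by `depends on TARGET_ROOTFS_SECURITY_LABELS`, which the new code makes a promptless helper that only `SELINUX` selects. The gate is equivalent today, but any other feature that later selects the labels helper would expose the policy choice, and its `select PACKAGE_refpolicy` / `select PACKAGE_selinux-policy`, without the SELinux kernel and userland. I would change that line to `depends on SELINUX`. The new help text says labels are applied in the squashfs rootfs, yet `SELINUX` has no dependency on the rootfs type. If that limitation is real, an image built with another rootfs would presumably ship the SELinux kernel and the selinux variants of busybox and procd on an unlabelled filesystem. The help should say so, and should also state whether the resulting image boots enforcing or permissive.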
|