Commit Graph

8 Commits

Author SHA1 Message Date
Leo Barsky
b1435f0af8 kernel: activate *_FS_SECURITY and *_FS_ACL_ATTR options for all big flash targets
This patch activate *_FS_SECURITY and *_FS_ACL_ATTR options for all big flash memory targets.
Fixes docker error: "failed to register layer: lsetxattr security.capability /usr/bin/ping: operation not supported"
Forum discussion:
https://forum.openwrt.org/t/docker-pull-fails-failed-to-register-layer-operation-not-supported/138253

Signed-off-by: Leo Barsky <leobrsky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/16181
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-06 22:46:59 +02:00
Daniel Golle
963be1423f kernel: add missing config symbols
Kconfig symbols CONFIG_ARM64_CNP and CONFIG_ARM64_EPAN got exposed
by enabling CONFIG_ARM64_PAN. Enable them as well, as just like for
PAN, also EPAN and CNP will be detected at runtime at no cost.

Fixes: a2662309aa ("kernel: Enable CONFIG_ARM64_PAN to restrict kernel access to user space memory")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-08-22 00:20:02 +01:00
Hauke Mehrtens
a2662309aa kernel: Enable CONFIG_ARM64_PAN to restrict kernel access to user space memory
Enable the CONFIG_ARM64_PAN kernel security option, which leverages the
ARMv8.1 Privileged Access Never (PAN) extension to prevent the kernel
from directly accessing user space memory.

Instead, copy_to_user and similar functions must be used for data
transfer between kernel and user space. This feature is automatically
disabled at runtime on CPUs without PAN support, making it a no-op in
those cases.

Link: https://github.com/openwrt/openwrt/pull/16189
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-08-21 00:21:05 +02:00
Marek Behún
b51abacb5f config: kernel: Add support for configuring BTRFS to be built-in
Add the KERNEL_BTRFS_FS config option so that targets can select
whether BTRFS support must be built-in.

Select this option (alongside KERNEL_BTRFS_FS_POSIX_ACL) from the
layerscape/armv8_64b subtarget instead of enabling it in
target/linux/layerscape/armv8_64b/config-* files.

Move disabling of CONFIG_BTRFS_FS_CHECK_INTEGRITY into generic configs.

This makes it possible for OpenWRT to be built with built-in BTRFS
support on specific boards, instead of whole targets.

Signed-off-by: Marek Behún <kabel@kernel.org>
Link: https://github.com/openwrt/openwrt/pull/15990
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-08-15 00:35:17 +02:00
Pawel Dembicki
af1fc05cad kernel/layerscape: Restore kernel files for v6.1
This is an automatically generated commit which aids following Kernel patch history,
as git will see the move and copy as a rename thus defeating the purpose.

See: https://lists.openwrt.org/pipermail/openwrt-devel/2023-October/041673.html
for the original discussion.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2024-05-25 20:18:23 +02:00
Pawel Dembicki
0a22ccaad6 kernel/layerscape: Create kernel files for v6.6 (from v6.1)
This is an automatically generated commit.

During a `git bisect` session, `git bisect --skip` is recommended.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2024-05-25 20:18:23 +02:00
Pawel Dembicki
d43ac3a643 layerscape: 6.1: refresh kernel config
Done by 'make kernel_oldconfig'.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2023-10-18 08:14:32 +02:00
Pawel Dembicki
297fd483bf layerscape: copy config 5.15 to 6.1
Configs was just copied.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2023-10-18 08:14:32 +02:00