Kernel flags for apparmor

kernel/packages/prawnos-linux-image-armhf/README.md

@@ -11,7 +11,7 @@
 prawnos linux kernel images have 3 version numbers, each representing a different type of change. This is to keep versioning organized, and to make the debian packaging system happy. 
 
 the format is: 
-`prawnos-linus-image-armhf_<upstream_kver>-<prawnos_kver>-<debian_package_ver>`
+`prawnos-linux-image-armhf_<upstream_kver>-<prawnos_kver>-<debian_package_ver>`
 
 upstream_kver changes with a new version of the linux kernel
 prawnos_kver changes when new patches are added or a config change occurs

kernel/resources/armhf/libre-config

@@ -5757,9 +5757,12 @@ CONFIG_KEYS=y
 # CONFIG_TRUSTED_KEYS is not set
 CONFIG_ENCRYPTED_KEYS=y
 # CONFIG_KEY_DH_OPERATIONS is not set
-# CONFIG_SECURITY_DMESG_RESTRICT is not set
+CONFIG_SECURITY_DMESG_RESTRICT=y
 CONFIG_SECURITY=y
 CONFIG_SECURITYFS=y
+CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
+CONFIG_SECURITY_APPARMOR_HASH=y
+SECURITY_APPARMOR_HASH_DEFAULT=y
 CONFIG_SECURITY_NETWORK=y
 # CONFIG_SECURITY_NETWORK_XFRM is not set
 CONFIG_SECURITY_PATH=y
@@ -5772,7 +5775,7 @@ CONFIG_HARDENED_USERCOPY_FALLBACK=y
 CONFIG_STATIC_USERMODEHELPER=y
 CONFIG_STATIC_USERMODEHELPER_PATH="/sbin/usermode-helper"
 CONFIG_SECURITY_SELINUX=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM=y
+# CONFIG_SECURITY_SELINUX_BOOTPARAM is not set
 # CONFIG_SECURITY_SELINUX_DISABLE is not set
 CONFIG_SECURITY_SELINUX_DEVELOP=y
 CONFIG_SECURITY_SELINUX_AVC_STATS=y
@@ -5781,7 +5784,7 @@ CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9
 CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256
 # CONFIG_SECURITY_SMACK is not set
 # CONFIG_SECURITY_TOMOYO is not set
-# CONFIG_SECURITY_APPARMOR is not set
+CONFIG_SECURITY_APPARMOR=y
 CONFIG_SECURITY_LOADPIN=y
 # CONFIG_SECURITY_LOADPIN_ENFORCE is not set
 CONFIG_SECURITY_YAMA=y
@@ -5792,10 +5795,10 @@ CONFIG_INTEGRITY=y
 CONFIG_INTEGRITY_AUDIT=y
 # CONFIG_IMA is not set
 # CONFIG_EVM is not set
-CONFIG_DEFAULT_SECURITY_SELINUX=y
+CONFIG_DEFAULT_SECURITY_APPARMOR=y
+# CONFIG_DEFAULT_SECURITY_SELINUX is not set
 # CONFIG_DEFAULT_SECURITY_DAC is not set
 CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"
-
 #
 # Kernel hardening options
 #

kernel/resources/shared/FlashKernelPartition.sh

@@ -36,7 +36,7 @@ get_emmc_devname() {
     local devname=$(ls /dev/mmcblk* | grep -F boot0 | sed "s/boot0//")
     if [ -z "$devname" ]
     then
-        echo "Unknown device! can't determine emmc devname. Please file an issue with the output of fdisk -l if you get this on a supported device"; exit 1;;
+        echo "Unknown device! can't determine emmc devname. Please file an issue with the output of fdisk -l if you get this on a supported device"; exit 1;
     fi
     echo $devname
 }

scripts/InstallScripts/InstallPackages.sh

@@ -37,7 +37,7 @@ get_emmc_devname() {
     local devname=$(ls /dev/mmcblk* | grep -F boot0 | sed "s/boot0//")
     if [ -z "$devname" ]
     then
-        echo "Unknown device! can't determine emmc devname. Please file an issue with the output of fdisk -l if you get this on a supported device"; exit 1;;
+        echo "Unknown device! can't determine emmc devname. Please file an issue with the output of fdisk -l if you get this on a supported device"; exit 1;
     fi
     echo $devname
 }

scripts/InstallScripts/InstallPrawnOS.sh

@@ -40,7 +40,7 @@ get_emmc_devname() {
     local devname=$(ls /dev/mmcblk* | grep -F boot0 | sed "s/boot0//")
     if [ -z "$devname" ]
     then
-        echo "Unknown device! can't determine emmc devname. Please file an issue with the output of fdisk -l if you get this on a supported device"; exit 1;;
+        echo "Unknown device! can't determine emmc devname. Please file an issue with the output of fdisk -l if you get this on a supported device"; exit 1;
     fi
     echo $devname
 }