From 1e1858cd97e1d85a66cf5f198e350dfa28b4598a Mon Sep 17 00:00:00 2001
From: Luke Craig
Date: Wed, 14 Aug 2024 16:08:15 -0400
Subject: [PATCH 1/4] add new config options of dubious origin
---
 configs/4.10/all-common.inc | 90 +++++++++++++++++++++++++++++++++++++
 1 file changed, 90 insertions(+)
diff --git a/configs/4.10/all-common.inc b/configs/4.10/all-common.inc
index d2bc8ab..b5bd983 100644
--- a/configs/4.10/all-common.inc
+++ b/configs/4.10/all-common.inc
@@ -373,3 +373,93 @@ CONFIG_XFS_FS=y
 CONFIG_ZISOFS=y
 CONFIG__FS=y
 CONFIG__UVD_PGFSM_FS=y
+
+CONFIG_AUTOFS_FS=y
+CONFIG_BPF=y
+CONFIG_BPF_JIT=y
+CONFIG_BPF_SYSCALL=y
+CONFIG_BTRFS_FS_POSIX_ACL=y
+CONFIG_CGROUP_BPF=y
+CONFIG_CGROUP_HUGETLB=y
+CONFIG_CGROUP_PERF=y
+CONFIG_CHECKPOINT_RESTORE=y
+CONFIG_COMPAT_BRK=y
+CONFIG_CRYPTO_CBC=y
+CONFIG_CRYPTO_DES=y
+CONFIG_CRYPTO_HMAC=y
+CONFIG_CRYPTO_NULL=y
+CONFIG_CRYPTO_SHA256=y
+CONFIG_DEBUG_FS=y
+CONFIG_DEVPTS_MULTIPLE_INSTANCES=y
+CONFIG_DEVTMPFS_MOUNT=y
+CONFIG_DMIID=y
+CONFIG_EPOLL=y
+CONFIG_EXT4_FS=y
+CONFIG_EXT4_FS_POSIX_ACL=y
+CONFIG_EXT4_FS_SECURITY=y
+CONFIG_FAIR_GROUP_SCHED=y
+CONFIG_FHANDLE=y
+CONFIG_FIRMADYNE=y
+CONFIG_FTRACE=y
+CONFIG_HAVE_EBPF_JIT=y
+CONFIG_HUGETLBFS=y
+CONFIG_INOTIFY_USER=y
+CONFIG_IPC_NS=y
+CONFIG_IPV6=y
+CONFIG_IPV6_NDISC_NODETYPE=y
+CONFIG_IPV6_SIT=y
+CONFIG_IP_NF_CONNTRACK=y
+CONFIG_LEDS_CLASS=y
+CONFIG_LEDS_GPIO=y
+CONFIG_MPLS_IPTUNNEL=y
+CONFIG_NETFILTER_NETLINK_LOG=y
+CONFIG_NETFILTER_NETLINK_QUEUE=y
+CONFIG_NETFILTER_XT_MATCH_SOCKET=y
+CONFIG_NETFILTER_XT_TARGET_NETMAP=y
+CONFIG_NETFILTER_XT_TARGET_REDIRECT=y
+CONFIG_NETFILTER_XT_TARGET_SECMARK=y
+CONFIG_NETPRIO_CGROUP=y
+CONFIG_NET_ACT_MPLS=y
+CONFIG_NET_NS=y
+CONFIG_NFS_V4=y
+CONFIG_NFS_V4_1=y
+CONFIG_NF_CONNTRACK_PROCFS=y
+CONFIG_NF_NAT_AMANDA=y
+CONFIG_NF_NAT_H323=y
+CONFIG_NF_NAT_IPV4=y
+CONFIG_NF_NAT_IPV6=y
+CONFIG_NF_NAT_IRC=y
+CONFIG_NF_NAT_MASQUERADE_IPV4=y
+CONFIG_NF_NAT_PPTP=y
+CONFIG_NF_NAT_PROTO_GRE=y
+CONFIG_NF_NAT_REDIRECT=y
+CONFIG_NF_NAT_SIP=y
+CONFIG_NF_NAT_SNMP_BASIC=y
+CONFIG_NLS_UTF8=y
+CONFIG_NVRAM=y
+CONFIG_PID_NS=y
+CONFIG_PREEMPT_NONE=y
+CONFIG_PROC_DEVICETREE=y
+CONFIG_PROC_FS=y
+CONFIG_PSI=y
+CONFIG_RESOURCE_COUNTERS=y
+CONFIG_ROOT_NFS=y
+CONFIG_SECCOMP=y
+CONFIG_SECCOMP_FILTER=y
+CONFIG_SIGNALFD=y
+CONFIG_SYSFS=y
+CONFIG_TIMERFD=y
+CONFIG_TMPFS_POSIX_ACL=y
+CONFIG_TMPFS_XATTR=y
+CONFIG_UTS_NS=y
+CONFIG_WATCHDOG=y
+CONFIG_XFS_POSIX_ACL=y
+
+CONFIG_SECURITY=y
+CONFIG_SECURITY_NETWORK=y
+CONFIG_SECURITY_NETWORK_XFRM=y
+CONFIG_SECURITY_SELINUX=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM=y
+CONFIG_SECURITY_SELINUX_DISABLE=y
+CONFIG_DEFAULT_SECURITY_DAC=y
+CONFIG_SECURITY_SMACK=y
\ No newline at end of file
From df0d27dc39063323e345f5ddc7e880a7b0ec0892 Mon Sep 17 00:00:00 2001
From: Luke Craig
Date: Wed, 14 Aug 2024 17:27:37 -0400
Subject: [PATCH 2/4] even more dubious kernel options
---
 configs/4.10/all-common.inc | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/configs/4.10/all-common.inc b/configs/4.10/all-common.inc
index b5bd983..71aef75 100644
--- a/configs/4.10/all-common.inc
+++ b/configs/4.10/all-common.inc
@@ -391,7 +391,7 @@ CONFIG_CRYPTO_NULL=y
 CONFIG_CRYPTO_SHA256=y
 CONFIG_DEBUG_FS=y
 CONFIG_DEVPTS_MULTIPLE_INSTANCES=y
-CONFIG_DEVTMPFS_MOUNT=y
+CONFIG_DEVTMPFS_MOUNT=n
 CONFIG_DMIID=y
 CONFIG_EPOLL=y
 CONFIG_EXT4_FS=y
@@ -462,4 +462,13 @@ CONFIG_SECURITY_SELINUX=y
 CONFIG_SECURITY_SELINUX_BOOTPARAM=y
 CONFIG_SECURITY_SELINUX_DISABLE=y
 CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_SECURITY_SMACK=y
\ No newline at end of file
+CONFIG_SECURITY_SMACK=y
+CONFIG_USER_NS=y
+
+CONFIG_EXT4_FS_POSIX_ACL=y
+CONFIG_XFS_POSIX_ACL=y
+CONFIG_BRTFS_POSIX_ACL=y
+CONFIG_NET_SCHED=y
+CONFIG_NET_SCH_FQ_CODEL=y
+CONFIG_AUTOFS4_FS=y
+CONFIG_RT_GROUP_SCHED=n
\ No newline at end of file
From 78e36b5298215c5690b3626ab9b1e990716ecb2f Mon Sep 17 00:00:00 2001
From: Andrew Fasano
Date: Wed, 14 Aug 2024 18:12:23 -0400
Subject: [PATCH 3/4] configs: enable audit for selinux
---
 configs/4.10/all-common.inc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/configs/4.10/all-common.inc b/configs/4.10/all-common.inc
index 71aef75..3d08b6f 100644
--- a/configs/4.10/all-common.inc
+++ b/configs/4.10/all-common.inc
@@ -374,6 +374,7 @@ CONFIG_ZISOFS=y
 CONFIG__FS=y
 CONFIG__UVD_PGFSM_FS=y
 
+CONFIG_AUDIT=y
 CONFIG_AUTOFS_FS=y
 CONFIG_BPF=y
 CONFIG_BPF_JIT=y
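Review bot: In [PATCH 1/4], the block appended to configs/4.10/all-common.inc turns on several options that lower the kernel's hardening, with no comment recording which guest needs them: `CONFIG_COMPAT_BRK=y` disables brk (heap) randomization, `CONFIG_SECURITY_SELINUX_DISABLE=y` allows SELinux to be switched off at runtime, and `CONFIG_DEBUG_FS=y` makes debugfs available. Because `CONFIG_DEFAULT_SECURITY_DAC=y` is set alongside SELinux and Smack, both LSMs are built in but neither appears to be active unless one is chosen on the kernel command line; a comment such as `# SELinux/Smack built in, DAC is the default LSM; select one with security= at boot` would make that explicit. Several names (`CONFIG_PSI`, `CONFIG_RESOURCE_COUNTERS`, `CONFIG_PROC_DEVICETREE`, `CONFIG_DEVPTS_MULTIPLE_INSTANCES`, `CONFIG_IP_NF_CONNTRACK`) do not look like symbols a 4.10 tree defines, in which case Kconfig would drop them without a warning. Comparing the generated .config against this list would show which lines take effect and which can be removed.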
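Review bot: In [PATCH 2/4], second hunk, `CONFIG_BRTFS_POSIX_ACL=y` looks like a misspelling: the Btrfs ACL option was already set in [PATCH 1/4] as `CONFIG_BTRFS_FS_POSIX_ACL=y`, so this line most likely matches no Kconfig symbol and has no effect. `CONFIG_EXT4_FS_POSIX_ACL=y` and `CONFIG_XFS_POSIX_ACL=y` repeat entries the first patch already added to the same file, so all three lines can be dropped. `CONFIG_USER_NS=y` is the addition here that carries a security cost, since user namespaces let unprivileged processes reach kernel code paths otherwise limited to root; a comment such as `# USER_NS: needed by <guest or tool>; widens the unprivileged attack surface` would record why it is enabled.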
@@ -471,4 +472,4 @@ CONFIG_BRTFS_POSIX_ACL=y
 CONFIG_NET_SCHED=y
 CONFIG_NET_SCH_FQ_CODEL=y
 CONFIG_AUTOFS4_FS=y
-CONFIG_RT_GROUP_SCHED=n
\ No newline at end of file
+CONFIG_RT_GROUP_SCHED=n
From bead302bd9cc84d6709ca5c24d0c267b53fdb1af Mon Sep 17 00:00:00 2001
From: Andrew Fasano
Date: Fri, 16 Aug 2024 15:08:45 -0400
Subject: [PATCH 4/4] Bump kernel to get sys_open bugfix
---
 linux/4.10 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/linux/4.10 b/linux/4.10
index 6cca77b..52daedf 160000
--- a/linux/4.10
+++ b/linux/4.10
@@ -1 +1 @@
-Subproject commit 6cca77b0080ec3bf58b303e444306ed93437f9b2
+Subproject commit 52daedf465e7b101f796274d5e96b47f1332c10f