From 085ae7c6acd467f1b0b9e91c0b4ec3f8d521e421 Mon Sep 17 00:00:00 2001
From: denes <denes@matetelki.com>
Date: Mon, 10 Dec 2018 15:37:02 +0100
Subject: [PATCH] With SELinux and initial readme list of working components

	modified:   intel_nuc_NUC7CJYH
---
 README.md          | 16 +++++++++++++++-
 intel_nuc_NUC7CJYH | 23 ++++++++++++++++++-----
 2 files changed, 33 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index 4c2a7c6..733c2b3 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,17 @@
 # kernel_configs
 
-kernel configurations for various devices
\ No newline at end of file
+kernel configurations for various devices
+
+Intel NUC 7CJYH
+===============
+
+[Link][https://www.intel.com/content/www/us/en/products/boards-kits/nuc/kits/nuc7cjyh.html]
+
+With SELinux
+
+| Part | Model | Status | Notes |
+|------|-------|--------|-------|
+| Wifi | Intel(R) Dual Band Wireless AC 9462 | :heavy_check_mark: | iwlwifi-9000 [Link][https://www.intel.com/content/www/us/en/support/articles/000005511/network-and-i-o/wireless-networking.html] |
+
+
+
diff --git a/intel_nuc_NUC7CJYH b/intel_nuc_NUC7CJYH
index 0a396df..9fd17ba 100644
--- a/intel_nuc_NUC7CJYH
+++ b/intel_nuc_NUC7CJYH
@@ -4,7 +4,7 @@
 #
 
 #
-# Compiler: gcc (Gentoo Hardened 8.2.0-r4 p1.5) 8.2.0
+# Compiler: gcc (Gentoo Hardened 8.2.0-r5 p1.6) 8.2.0
 #
 CONFIG_64BIT=y
 CONFIG_X86_64=y
@@ -79,8 +79,11 @@ CONFIG_POSIX_MQUEUE=y
 CONFIG_POSIX_MQUEUE_SYSCTL=y
 CONFIG_CROSS_MEMORY_ATTACH=y
 # CONFIG_USELIB is not set
-# CONFIG_AUDIT is not set
+CONFIG_AUDIT=y
 CONFIG_HAVE_ARCH_AUDITSYSCALL=y
+CONFIG_AUDITSYSCALL=y
+CONFIG_AUDIT_WATCH=y
+CONFIG_AUDIT_TREE=y
 
 #
 # IRQ subsystem
@@ -3632,14 +3635,22 @@ CONFIG_KEYS=y
 # CONFIG_SECURITY_DMESG_RESTRICT is not set
 CONFIG_SECURITY=y
 # CONFIG_SECURITYFS is not set
-# CONFIG_SECURITY_NETWORK is not set
+CONFIG_SECURITY_NETWORK=y
 CONFIG_PAGE_TABLE_ISOLATION=y
+# CONFIG_SECURITY_NETWORK_XFRM is not set
 # CONFIG_SECURITY_PATH is not set
 # CONFIG_INTEL_TXT is not set
+CONFIG_LSM_MMAP_MIN_ADDR=65536
 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
 # CONFIG_HARDENED_USERCOPY is not set
 # CONFIG_FORTIFY_SOURCE is not set
 # CONFIG_STATIC_USERMODEHELPER is not set
+CONFIG_SECURITY_SELINUX=y
+# CONFIG_SECURITY_SELINUX_BOOTPARAM is not set
+# CONFIG_SECURITY_SELINUX_DISABLE is not set
+CONFIG_SECURITY_SELINUX_DEVELOP=y
+CONFIG_SECURITY_SELINUX_AVC_STATS=y
+CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
 # CONFIG_SECURITY_SMACK is not set
 # CONFIG_SECURITY_TOMOYO is not set
 # CONFIG_SECURITY_APPARMOR is not set
@@ -3647,10 +3658,12 @@ CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
 # CONFIG_SECURITY_YAMA is not set
 CONFIG_INTEGRITY=y
 # CONFIG_INTEGRITY_SIGNATURE is not set
+CONFIG_INTEGRITY_AUDIT=y
 # CONFIG_IMA is not set
 # CONFIG_EVM is not set
-CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_DEFAULT_SECURITY=""
+CONFIG_DEFAULT_SECURITY_SELINUX=y
+# CONFIG_DEFAULT_SECURITY_DAC is not set
+CONFIG_DEFAULT_SECURITY="selinux"
 CONFIG_CRYPTO=y
 
 #