From 1f546445c58ec463ee7f3717657f01226e36a1a9 Mon Sep 17 00:00:00 2001
From: Jean-Christophe Berthon
Date: Wed, 19 Oct 2016 00:11:36 +0200
Subject: [PATCH 1/8] config: add SECCOMP filters to bcm2709

Signed-off-by: Jean-Christophe Berthon
---
 arch/arm/configs/bcm2709_defconfig | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/arm/configs/bcm2709_defconfig b/arch/arm/configs/bcm2709_defconfig
index f4b435948816cc..3f4c5b17ae0801 100644
--- a/arch/arm/configs/bcm2709_defconfig
+++ b/arch/arm/configs/bcm2709_defconfig
@@ -36,6 +36,8 @@ CONFIG_VMSPLIT_2G=y
 # CONFIG_CPU_SW_DOMAIN_PAN is not set
 CONFIG_UACCESS_WITH_MEMCPY=y
 CONFIG_SECCOMP=y
+CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
+CONFIG_SECCOMP_FILTER=y
 # CONFIG_ATAGS is not set
 CONFIG_ZBOOT_ROM_TEXT=0x0
 CONFIG_ZBOOT_ROM_BSS=0x0
From a19ec22b707223a01919348f86a60408ca396fac Mon Sep 17 00:00:00 2001
From: Jean-Christophe Berthon
Date: Wed, 19 Oct 2016 00:11:55 +0200
Subject: [PATCH 2/8] config: add SECCOMP filters to bcmrpi

Signed-off-by: Jean-Christophe Berthon
---
 arch/arm/configs/bcmrpi_defconfig | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/arm/configs/bcmrpi_defconfig b/arch/arm/configs/bcmrpi_defconfig
index 9de5bd576fdf65..a76604dc84423f 100644
--- a/arch/arm/configs/bcmrpi_defconfig
+++ b/arch/arm/configs/bcmrpi_defconfig
@@ -33,6 +33,8 @@ CONFIG_ARCH_BCM2835=y
 # CONFIG_CPU_SW_DOMAIN_PAN is not set
 CONFIG_UACCESS_WITH_MEMCPY=y
 CONFIG_SECCOMP=y
+CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
+CONFIG_SECCOMP_FILTER=y
 # CONFIG_ATAGS is not set
 CONFIG_ZBOOT_ROM_TEXT=0x0
 CONFIG_ZBOOT_ROM_BSS=0x0
From 55d8478af29a1984126b5753109bc0d80e0889b3 Mon Sep 17 00:00:00 2001
From: Jean-Christophe Berthon
Date: Wed, 19 Oct 2016 00:12:54 +0200
Subject: [PATCH 3/8] config: add AppArmor to bcm2709

Signed-off-by: Jean-Christophe Berthon
---
 arch/arm/configs/bcm2709_defconfig | 4 ++++
 1 file changed, 4 insertions(+)
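Review bot: `CONFIG_HAVE_ARCH_SECCOMP_FILTER=y` in the bcm2709_defconfig hunk of PATCH 1/8 (and again in the bcmrpi_defconfig hunk of PATCH 2/8) is not a user-settable option: HAVE_ARCH_* symbols have no prompt and are selected by the architecture's Kconfig, so the defconfig line is ignored and `make savedefconfig` would drop it. On ARM that select is conditional (as far as I recall, on AEABI without OABI_COMPAT), and neither hunk shows how OABI_COMPAT is set, so `CONFIG_SECCOMP_FILTER=y` may be discarded by kconfig without any error. I would drop the HAVE_ARCH line, add `# CONFIG_OABI_COMPAT is not set` if that turns out to be the blocker on these boards, and confirm that the generated .config really contains `CONFIG_SECCOMP_FILTER=y` before relying on seccomp-bpf sandboxes.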
diff --git a/arch/arm/configs/bcm2709_defconfig b/arch/arm/configs/bcm2709_defconfig
index 3f4c5b17ae0801..cc986a8ed94c68 100644
--- a/arch/arm/configs/bcm2709_defconfig
+++ b/arch/arm/configs/bcm2709_defconfig
@@ -38,6 +38,10 @@ CONFIG_UACCESS_WITH_MEMCPY=y
 CONFIG_SECCOMP=y
 CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
 CONFIG_SECCOMP_FILTER=y
+CONFIG_SECURITY=y
+CONFIG_SECURITY_APPARMOR=y
+CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
+CONFIG_DEFAULT_SECURITY_APPARMOR=y
 # CONFIG_ATAGS is not set
 CONFIG_ZBOOT_ROM_TEXT=0x0
 CONFIG_ZBOOT_ROM_BSS=0x0
From 4eeb0eb6b6a11d2b61ca39fc08d9b03ab9ef2d5c Mon Sep 17 00:00:00 2001
From: Jean-Christophe Berthon
Date: Wed, 19 Oct 2016 00:13:09 +0200
Subject: [PATCH 4/8] config: add AppArmor to bcmrpi

Signed-off-by: Jean-Christophe Berthon
---
 arch/arm/configs/bcmrpi_defconfig | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/arch/arm/configs/bcmrpi_defconfig b/arch/arm/configs/bcmrpi_defconfig
index a76604dc84423f..cb38a9c882f882 100644
--- a/arch/arm/configs/bcmrpi_defconfig
+++ b/arch/arm/configs/bcmrpi_defconfig
@@ -35,6 +35,10 @@ CONFIG_UACCESS_WITH_MEMCPY=y
 CONFIG_SECCOMP=y
 CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
 CONFIG_SECCOMP_FILTER=y
+CONFIG_SECURITY=y
+CONFIG_SECURITY_APPARMOR=y
+CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
+CONFIG_DEFAULT_SECURITY_APPARMOR=y
 # CONFIG_ATAGS is not set
 CONFIG_ZBOOT_ROM_TEXT=0x0
 CONFIG_ZBOOT_ROM_BSS=0x0
From 317ba95a729b3b7f2a7bf051cc4ba1de77413fb7 Mon Sep 17 00:00:00 2001
From: Jean-Christophe Berthon
Date: Wed, 19 Oct 2016 00:23:11 +0200
Subject: [PATCH 5/8] config: add further cgroup config to bcm2709

Signed-off-by: Jean-Christophe Berthon
---
 arch/arm/configs/bcm2709_defconfig | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/arch/arm/configs/bcm2709_defconfig b/arch/arm/configs/bcm2709_defconfig
index cc986a8ed94c68..f071d681ecb07b 100644
--- a/arch/arm/configs/bcm2709_defconfig
+++ b/arch/arm/configs/bcm2709_defconfig
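Review bot: The four AppArmor lines in the bcm2709_defconfig hunk of PATCH 3/8 (and the identical four in the bcmrpi_defconfig hunk of PATCH 4/8) only build the LSM and make it the boot-time default; on their own they confine nothing, and neither commit message says so. Enforcement starts only once userspace loads profiles, so I would add a sentence to the commit message along the lines of `AppArmor is built in and enabled by default; confinement still requires profiles to be loaded by userspace.` As a style point, the lines are inserted between the seccomp options and `# CONFIG_ATAGS is not set`, which is probably not where `make savedefconfig` would emit security-subsystem options; regenerating the file that way keeps later diffs small. It is also worth checking the resulting .config for the options AppArmor pulls in through its selects (audit support in particular, as far as I recall), since those change the kernel beyond what the hunk shows.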
@@ -15,12 +15,18 @@ CONFIG_TASK_IO_ACCOUNTING=y
 CONFIG_IKCONFIG=m
 CONFIG_IKCONFIG_PROC=y
 CONFIG_MEMCG=y
+CONFIG_MEMCG_SWAP=y
+CONFIG_MEMCG_SWAP_ENABLED=y
+CONFIG_MEMCG_KMEM=y
 CONFIG_BLK_CGROUP=y
 CONFIG_CGROUP_PIDS=y
 CONFIG_CGROUP_FREEZER=y
 CONFIG_CPUSETS=y
 CONFIG_CGROUP_DEVICE=y
 CONFIG_CGROUP_CPUACCT=y
+CONFIG_CGROUP_PIDS=y
+CONFIG_CGROUP_PERF=y
+CONFIG_CGROUP_NET_PRIO=y
 CONFIG_NAMESPACES=y
 CONFIG_USER_NS=y
 CONFIG_SCHED_AUTOGROUP=y
From e853b6b09c6c915cbff462d008e6579d8c160f0e Mon Sep 17 00:00:00 2001
From: Jean-Christophe Berthon
Date: Wed, 19 Oct 2016 00:23:21 +0200
Subject: [PATCH 6/8] config: add further cgroup config to bcmrpi

Signed-off-by: Jean-Christophe Berthon
---
 arch/arm/configs/bcmrpi_defconfig | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/arch/arm/configs/bcmrpi_defconfig b/arch/arm/configs/bcmrpi_defconfig
index cb38a9c882f882..5d2cc9592822a1 100644
--- a/arch/arm/configs/bcmrpi_defconfig
+++ b/arch/arm/configs/bcmrpi_defconfig
@@ -14,10 +14,16 @@ CONFIG_TASK_IO_ACCOUNTING=y
 CONFIG_IKCONFIG=m
 CONFIG_IKCONFIG_PROC=y
 CONFIG_MEMCG=y
+CONFIG_MEMCG_SWAP=y
+CONFIG_MEMCG_SWAP_ENABLED=y
+CONFIG_MEMCG_KMEM=y
 CONFIG_BLK_CGROUP=y
 CONFIG_CGROUP_FREEZER=y
 CONFIG_CGROUP_DEVICE=y
 CONFIG_CGROUP_CPUACCT=y
+CONFIG_CGROUP_PIDS=y
+CONFIG_CGROUP_PERF=y
+CONFIG_CGROUP_NET_PRIO=y
 CONFIG_NAMESPACES=y
 CONFIG_USER_NS=y
 CONFIG_SCHED_AUTOGROUP=y
From 3e53e483c6dc91e9e6a74666fad7e8cb2fea52b1 Mon Sep 17 00:00:00 2001
From: Jean-Christophe Berthon
Date: Wed, 19 Oct 2016 00:36:53 +0200
Subject: [PATCH 7/8] config: add CONFIG_CFS_BANDWIDTH to bcm2709

This option would allow to allocate CPU resource (i.-e. limit them) on a cgroup.

Signed-off-by: Jean-Christophe Berthon
---
 arch/arm/configs/bcm2709_defconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/arm/configs/bcm2709_defconfig b/arch/arm/configs/bcm2709_defconfig
index f071d681ecb07b..406b1fbbd6d40f 100644
--- a/arch/arm/configs/bcm2709_defconfig
+++ b/arch/arm/configs/bcm2709_defconfig
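Review bot: The bcm2709_defconfig hunk of PATCH 5/8 adds `CONFIG_CGROUP_PIDS=y` after `CONFIG_CGROUP_CPUACCT=y` although the same line is already present as context directly after `CONFIG_BLK_CGROUP=y`, so the file ends up setting the symbol twice. The duplicate carries the same value and should not change the build, but it should be dropped from this hunk; the bcmrpi_defconfig hunk of PATCH 6/8 shows no such context line, so the addition there is the real one. Both commit messages would also benefit from one sentence on which workload needs the memcg swap and kmem accounting and the perf and net_prio controllers, so that a later `make savedefconfig` cleanup does not remove them by accident.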
@@ -27,6 +27,7 @@ CONFIG_CGROUP_CPUACCT=y
 CONFIG_CGROUP_PIDS=y
 CONFIG_CGROUP_PERF=y
 CONFIG_CGROUP_NET_PRIO=y
+CONFIG_CFS_BANDWIDTH=y
 CONFIG_NAMESPACES=y
 CONFIG_USER_NS=y
 CONFIG_SCHED_AUTOGROUP=y
From bb0e4301710f8ab77216751f9d8b5d5c13d4ae30 Mon Sep 17 00:00:00 2001
From: Jean-Christophe Berthon
Date: Wed, 19 Oct 2016 00:38:31 +0200
Subject: [PATCH 8/8] config: add CONFIG_CFS_BANDWIDTH to bcmrpi

Signed-off-by: Jean-Christophe Berthon
---
 arch/arm/configs/bcmrpi_defconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/arm/configs/bcmrpi_defconfig b/arch/arm/configs/bcmrpi_defconfig
index 5d2cc9592822a1..08b2c790698367 100644
--- a/arch/arm/configs/bcmrpi_defconfig
+++ b/arch/arm/configs/bcmrpi_defconfig
@@ -24,6 +24,7 @@ CONFIG_CGROUP_CPUACCT=y
 CONFIG_CGROUP_PIDS=y
 CONFIG_CGROUP_PERF=y
 CONFIG_CGROUP_NET_PRIO=y
+CONFIG_CFS_BANDWIDTH=y
 CONFIG_NAMESPACES=y
 CONFIG_USER_NS=y
 CONFIG_SCHED_AUTOGROUP=y
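Review bot: `CONFIG_CFS_BANDWIDTH=y` in the bcm2709_defconfig hunk of PATCH 7/8 (and in the bcmrpi_defconfig hunk of PATCH 8/8) depends on FAIR_GROUP_SCHED, and none of the lines visible in these hunks sets `CONFIG_CGROUP_SCHED` or `CONFIG_FAIR_GROUP_SCHED`. The dependency is presumably met only because `CONFIG_SCHED_AUTOGROUP=y`, visible as context, selects both. If autogroup is ever removed from these defconfigs, kconfig would drop CFS_BANDWIDTH without an error and CPU quotas on cgroups would stop being enforced. I would record that in the commit message, for example `Relies on FAIR_GROUP_SCHED, currently selected via SCHED_AUTOGROUP.`, and check the generated .config for `CONFIG_CFS_BANDWIDTH=y` on both boards.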