diff --git a/SOURCES/bcm2711_selinux_config.patch b/SOURCES/bcm2711_selinux_config.patch
new file mode 100644
index 0000000..3333f54
--- /dev/null
+++ b/SOURCES/bcm2711_selinux_config.patch
@@ -0,0 +1,73 @@
+diff -aurp a/arch/arm/configs/bcm2711_defconfig b/arch/arm/configs/bcm2711_defconfig
+--- a/arch/arm/configs/bcm2711_defconfig	2019-06-25 09:04:03.000000000 +0000
++++ b/arch/arm/configs/bcm2711_defconfig	2019-07-12 23:19:32.386788624 +0000
+@@ -2,6 +2,7 @@ CONFIG_LOCALVERSION="-v7l"
+ # CONFIG_LOCALVERSION_AUTO is not set
+ CONFIG_SYSVIPC=y
+ CONFIG_POSIX_MQUEUE=y
++CONFIG_AUDIT=y
+ CONFIG_GENERIC_IRQ_DEBUGFS=y
+ CONFIG_NO_HZ=y
+ CONFIG_HIGH_RES_TIMERS=y
+@@ -123,6 +124,7 @@ CONFIG_IPV6_SUBTREES=y
+ CONFIG_IPV6_MROUTE=y
+ CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y
+ CONFIG_IPV6_PIMSM_V2=y
++CONFIG_NETLABEL=y
+ CONFIG_NETFILTER=y
+ CONFIG_NF_CONNTRACK=m
+ CONFIG_NF_CONNTRACK_ZONES=y
+@@ -170,6 +172,7 @@ CONFIG_NFT_FIB_NETDEV=m
+ CONFIG_NF_FLOW_TABLE_INET=m
+ CONFIG_NF_FLOW_TABLE=m
+ CONFIG_NETFILTER_XT_SET=m
++CONFIG_NETFILTER_XT_TARGET_AUDIT=m
+ CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
+ CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
+ CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
+@@ -281,6 +284,7 @@ CONFIG_IP_NF_TARGET_CLUSTERIP=m
+ CONFIG_IP_NF_TARGET_ECN=m
+ CONFIG_IP_NF_TARGET_TTL=m
+ CONFIG_IP_NF_RAW=m
++CONFIG_IP_NF_SECURITY=m
+ CONFIG_IP_NF_ARPTABLES=m
+ CONFIG_IP_NF_ARPFILTER=m
+ CONFIG_IP_NF_ARP_MANGLE=m
+@@ -306,6 +310,7 @@ CONFIG_IP6_NF_FILTER=m
+ CONFIG_IP6_NF_TARGET_REJECT=m
+ CONFIG_IP6_NF_MANGLE=m
+ CONFIG_IP6_NF_RAW=m
++CONFIG_IP6_NF_SECURITY=m
+ CONFIG_IP6_NF_NAT=m
+ CONFIG_IP6_NF_TARGET_MASQUERADE=m
+ CONFIG_IP6_NF_TARGET_NPT=m
+@@ -1355,6 +1360,7 @@ CONFIG_BTRFS_FS_POSIX_ACL=y
+ CONFIG_NILFS2_FS=m
+ CONFIG_F2FS_FS=y
+ CONFIG_FANOTIFY=y
++CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
+ CONFIG_QFMT_V1=m
+ CONFIG_QFMT_V2=m
+ CONFIG_AUTOFS4_FS=y
+@@ -1396,6 +1402,7 @@ CONFIG_NFS_FSCACHE=y
+ CONFIG_NFSD=m
+ CONFIG_NFSD_V3_ACL=y
+ CONFIG_NFSD_V4=y
++CONFIG_NFSD_V4_SECURITY_LABEL=y
+ CONFIG_CIFS=m
+ CONFIG_CIFS_WEAK_PW_HASH=y
+ CONFIG_CIFS_UPCALL=y
+@@ -1445,6 +1452,13 @@ CONFIG_NLS_ISO8859_15=m
+ CONFIG_NLS_KOI8_R=m
+ CONFIG_NLS_KOI8_U=m
+ CONFIG_DLM=m
++CONFIG_SECURITY=y
++CONFIG_SECURITY_NETWORK=y
++CONFIG_SECURITY_PATH=y
++CONFIG_SECURITY_SELINUX=y
++CONFIG_SECURITY_SELINUX_BOOTPARAM=y
++CONFIG_SECURITY_SELINUX_DISABLE=y
++CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
+ CONFIG_CRYPTO_USER=m
+ CONFIG_CRYPTO_CBC=y
+ CONFIG_CRYPTO_CTS=m