|
|
|
@ -148,7 +148,6 @@ CONFIG_LOG_BUF_SHIFT=17
|
|
|
|
|
CONFIG_LOG_CPU_MAX_BUF_SHIFT=17
|
|
|
|
|
CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y
|
|
|
|
|
CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y
|
|
|
|
|
CONFIG_ARCH_SUPPORTS_INT128=y
|
|
|
|
|
# CONFIG_NUMA_BALANCING is not set
|
|
|
|
|
CONFIG_CGROUPS=y
|
|
|
|
|
# CONFIG_CGROUP_DEBUG is not set
|
|
|
|
@ -165,7 +164,6 @@ CONFIG_FAIR_GROUP_SCHED=y
|
|
|
|
|
# CONFIG_CFS_BANDWIDTH is not set
|
|
|
|
|
# CONFIG_RT_GROUP_SCHED is not set
|
|
|
|
|
# CONFIG_BLK_CGROUP is not set
|
|
|
|
|
# CONFIG_CHECKPOINT_RESTORE is not set
|
|
|
|
|
CONFIG_NAMESPACES=y
|
|
|
|
|
CONFIG_UTS_NS=y
|
|
|
|
|
CONFIG_IPC_NS=y
|
|
|
|
@ -371,7 +369,6 @@ CONFIG_IOSF_MBI=y
|
|
|
|
|
# CONFIG_IOSF_MBI_DEBUG is not set
|
|
|
|
|
CONFIG_X86_SUPPORTS_MEMORY_FAILURE=y
|
|
|
|
|
CONFIG_SCHED_OMIT_FRAME_POINTER=y
|
|
|
|
|
# CONFIG_HYPERVISOR_GUEST is not set
|
|
|
|
|
CONFIG_NO_BOOTMEM=y
|
|
|
|
|
# CONFIG_MK8 is not set
|
|
|
|
|
# CONFIG_MPSC is not set
|
|
|
|
@ -412,8 +409,6 @@ CONFIG_X86_MCE_INTEL=y
|
|
|
|
|
CONFIG_X86_MCE_THRESHOLD=y
|
|
|
|
|
# CONFIG_X86_MCE_INJECT is not set
|
|
|
|
|
CONFIG_X86_THERMAL_VECTOR=y
|
|
|
|
|
CONFIG_X86_16BIT=y
|
|
|
|
|
CONFIG_X86_ESPFIX64=y
|
|
|
|
|
CONFIG_X86_VSYSCALL_EMULATION=y
|
|
|
|
|
# CONFIG_I8K is not set
|
|
|
|
|
CONFIG_MICROCODE=y
|
|
|
|
@ -493,18 +488,16 @@ CONFIG_SECCOMP=y
|
|
|
|
|
CONFIG_HZ_1000=y
|
|
|
|
|
CONFIG_HZ=1000
|
|
|
|
|
CONFIG_SCHED_HRTICK=y
|
|
|
|
|
CONFIG_KEXEC=y
|
|
|
|
|
# CONFIG_KEXEC_FILE is not set
|
|
|
|
|
CONFIG_CRASH_DUMP=y
|
|
|
|
|
CONFIG_PHYSICAL_START=0x1000000
|
|
|
|
|
CONFIG_RELOCATABLE=y
|
|
|
|
|
# CONFIG_RANDOMIZE_BASE is not set
|
|
|
|
|
CONFIG_PHYSICAL_ALIGN=0x200000
|
|
|
|
|
CONFIG_PHYSICAL_ALIGN=0x400000
|
|
|
|
|
CONFIG_HOTPLUG_CPU=y
|
|
|
|
|
# CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set
|
|
|
|
|
# CONFIG_DEBUG_HOTPLUG_CPU0 is not set
|
|
|
|
|
# CONFIG_COMPAT_VDSO is not set
|
|
|
|
|
# CONFIG_CMDLINE_BOOL is not set
|
|
|
|
|
CONFIG_DEFAULT_MODIFY_LDT_SYSCALL=y
|
|
|
|
|
CONFIG_HAVE_LIVEPATCH=y
|
|
|
|
|
CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
|
|
|
|
|
CONFIG_USE_PERCPU_NUMA_NODE_ID=y
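Review bot: `CONFIG_DEFAULT_MODIFY_LDT_SYSCALL=y` leaves the modify_ldt() syscall enabled by default in a config that is otherwise being hardened. The page has lost its +/- markers, so it is only an inference from the header counts (18 old lines, 16 new) that this line is one of the two added here. Few programs need modify_ldt() outside 16-bit and DOS emulation, and it widens the kernel's attack surface for every unprivileged process. Unless a workload on this image needs it, prefer `# CONFIG_DEFAULT_MODIFY_LDT_SYSCALL is not set`; as the name suggests, the option only sets the default, so state the reason in the commit message if it stays on.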
|
|
|
|
@ -514,7 +507,6 @@ CONFIG_USE_PERCPU_NUMA_NODE_ID=y
|
|
|
|
|
#
|
|
|
|
|
CONFIG_SUSPEND=y
|
|
|
|
|
CONFIG_SUSPEND_FREEZER=y
|
|
|
|
|
# CONFIG_HIBERNATION is not set
|
|
|
|
|
CONFIG_PM_SLEEP=y
|
|
|
|
|
CONFIG_PM_SLEEP_SMP=y
|
|
|
|
|
# CONFIG_PM_AUTOSLEEP is not set
|
|
|
|
@ -1572,7 +1564,6 @@ CONFIG_UNIX98_PTYS=y
|
|
|
|
|
# CONFIG_N_GSM is not set
|
|
|
|
|
# CONFIG_TRACE_SINK is not set
|
|
|
|
|
CONFIG_DEVMEM=y
|
|
|
|
|
CONFIG_DEVKMEM=y
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Serial drivers
|
|
|
|
@ -1615,7 +1606,6 @@ CONFIG_TCG_TIS=y
|
|
|
|
|
# CONFIG_TCG_CRB is not set
|
|
|
|
|
# CONFIG_TCG_TIS_ST33ZP24 is not set
|
|
|
|
|
# CONFIG_TELCLOCK is not set
|
|
|
|
|
CONFIG_DEVPORT=y
|
|
|
|
|
# CONFIG_XILLYBUS is not set
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
@ -3056,10 +3046,7 @@ CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1"
|
|
|
|
|
# Pseudo filesystems
|
|
|
|
|
#
|
|
|
|
|
CONFIG_PROC_FS=y
|
|
|
|
|
# CONFIG_PROC_KCORE is not set
|
|
|
|
|
CONFIG_PROC_VMCORE=y
|
|
|
|
|
CONFIG_PROC_SYSCTL=y
|
|
|
|
|
CONFIG_PROC_PAGE_MONITOR=y
|
|
|
|
|
CONFIG_KERNFS=y
|
|
|
|
|
CONFIG_SYSFS=y
|
|
|
|
|
CONFIG_TMPFS=y
|
|
|
|
@ -3200,10 +3187,6 @@ CONFIG_TIMER_STATS=y
|
|
|
|
|
# CONFIG_DEBUG_RT_MUTEXES is not set
|
|
|
|
|
# CONFIG_DEBUG_SPINLOCK is not set
|
|
|
|
|
# CONFIG_DEBUG_MUTEXES is not set
|
|
|
|
|
# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set
|
|
|
|
|
# CONFIG_DEBUG_LOCK_ALLOC is not set
|
|
|
|
|
# CONFIG_PROVE_LOCKING is not set
|
|
|
|
|
# CONFIG_LOCK_STAT is not set
|
|
|
|
|
# CONFIG_DEBUG_ATOMIC_SLEEP is not set
|
|
|
|
|
# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set
|
|
|
|
|
# CONFIG_LOCK_TORTURE_TEST is not set
|
|
|
|
@ -3229,9 +3212,7 @@ CONFIG_RCU_CPU_STALL_INFO=y
|
|
|
|
|
# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set
|
|
|
|
|
# CONFIG_NOTIFIER_ERROR_INJECTION is not set
|
|
|
|
|
# CONFIG_FAULT_INJECTION is not set
|
|
|
|
|
# CONFIG_LATENCYTOP is not set
|
|
|
|
|
CONFIG_ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS=y
|
|
|
|
|
# CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is not set
|
|
|
|
|
CONFIG_USER_STACKTRACE_SUPPORT=y
|
|
|
|
|
CONFIG_NOP_TRACER=y
|
|
|
|
|
CONFIG_HAVE_FUNCTION_TRACER=y
|
|
|
|
@ -3287,7 +3268,6 @@ CONFIG_PROBE_EVENTS=y
|
|
|
|
|
# CONFIG_TEST_STRING_HELPERS is not set
|
|
|
|
|
# CONFIG_TEST_KSTRTOX is not set
|
|
|
|
|
# CONFIG_TEST_RHASHTABLE is not set
|
|
|
|
|
# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set
|
|
|
|
|
# CONFIG_DMA_API_DEBUG is not set
|
|
|
|
|
# CONFIG_TEST_LKM is not set
|
|
|
|
|
# CONFIG_TEST_USER_COPY is not set
|
|
|
|
@ -3298,14 +3278,11 @@ CONFIG_PROBE_EVENTS=y
|
|
|
|
|
# CONFIG_SAMPLES is not set
|
|
|
|
|
CONFIG_HAVE_ARCH_KGDB=y
|
|
|
|
|
# CONFIG_KGDB is not set
|
|
|
|
|
# CONFIG_STRICT_DEVMEM is not set
|
|
|
|
|
CONFIG_STRICT_DEVMEM=y
|
|
|
|
|
CONFIG_X86_VERBOSE_BOOTUP=y
|
|
|
|
|
CONFIG_EARLY_PRINTK=y
|
|
|
|
|
CONFIG_EARLY_PRINTK_DBGP=y
|
|
|
|
|
# CONFIG_X86_PTDUMP is not set
|
|
|
|
|
CONFIG_DEBUG_RODATA=y
|
|
|
|
|
CONFIG_DEBUG_RODATA_TEST=y
|
|
|
|
|
# CONFIG_DEBUG_SET_MODULE_RONX is not set
|
|
|
|
|
# CONFIG_DEBUG_NX_TEST is not set
|
|
|
|
|
CONFIG_DOUBLEFAULT=y
|
|
|
|
|
# CONFIG_DEBUG_TLBFLUSH is not set
|
|
|
|
@ -3330,6 +3307,189 @@ CONFIG_OPTIMIZE_INLINING=y
|
|
|
|
|
#
|
|
|
|
|
# Security options
|
|
|
|
|
#
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Grsecurity
|
|
|
|
|
#
|
|
|
|
|
CONFIG_PAX_KERNEXEC_PLUGIN=y
|
|
|
|
|
CONFIG_PAX_PER_CPU_PGD=y
|
|
|
|
|
CONFIG_TASK_SIZE_MAX_SHIFT=42
|
|
|
|
|
CONFIG_PAX_USERCOPY_SLABS=y
|
|
|
|
|
CONFIG_GRKERNSEC=y
|
|
|
|
|
CONFIG_GRKERNSEC_CONFIG_AUTO=y
|
|
|
|
|
# CONFIG_GRKERNSEC_CONFIG_CUSTOM is not set
|
|
|
|
|
# CONFIG_GRKERNSEC_CONFIG_SERVER is not set
|
|
|
|
|
CONFIG_GRKERNSEC_CONFIG_DESKTOP=y
|
|
|
|
|
CONFIG_GRKERNSEC_CONFIG_VIRT_NONE=y
|
|
|
|
|
# CONFIG_GRKERNSEC_CONFIG_VIRT_GUEST is not set
|
|
|
|
|
# CONFIG_GRKERNSEC_CONFIG_VIRT_HOST is not set
|
|
|
|
|
CONFIG_GRKERNSEC_CONFIG_PRIORITY_PERF=y
|
|
|
|
|
# CONFIG_GRKERNSEC_CONFIG_PRIORITY_SECURITY is not set
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Default Special Groups
|
|
|
|
|
#
|
|
|
|
|
CONFIG_GRKERNSEC_PROC_GID=1001
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Customize Configuration
|
|
|
|
|
#
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# PaX
|
|
|
|
|
#
|
|
|
|
|
CONFIG_PAX=y
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# PaX Control
|
|
|
|
|
#
|
|
|
|
|
# CONFIG_PAX_SOFTMODE is not set
|
|
|
|
|
# CONFIG_PAX_EI_PAX is not set
|
|
|
|
|
CONFIG_PAX_PT_PAX_FLAGS=y
|
|
|
|
|
# CONFIG_PAX_XATTR_PAX_FLAGS is not set
|
|
|
|
|
# CONFIG_PAX_NO_ACL_FLAGS is not set
|
|
|
|
|
CONFIG_PAX_HAVE_ACL_FLAGS=y
|
|
|
|
|
# CONFIG_PAX_HOOK_ACL_FLAGS is not set
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Non-executable pages
|
|
|
|
|
#
|
|
|
|
|
CONFIG_PAX_NOEXEC=y
|
|
|
|
|
CONFIG_PAX_PAGEEXEC=y
|
|
|
|
|
CONFIG_PAX_EMUTRAMP=y
|
|
|
|
|
CONFIG_PAX_MPROTECT=y
|
|
|
|
|
CONFIG_PAX_MPROTECT_COMPAT=y
|
|
|
|
|
# CONFIG_PAX_ELFRELOCS is not set
|
|
|
|
|
CONFIG_PAX_KERNEXEC=y
|
|
|
|
|
CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_BTS=y
|
|
|
|
|
# CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_OR is not set
|
|
|
|
|
CONFIG_PAX_KERNEXEC_PLUGIN_METHOD="bts"
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Address Space Layout Randomization
|
|
|
|
|
#
|
|
|
|
|
CONFIG_PAX_ASLR=y
|
|
|
|
|
CONFIG_PAX_RANDKSTACK=y
|
|
|
|
|
CONFIG_PAX_RANDUSTACK=y
|
|
|
|
|
CONFIG_PAX_RANDMMAP=y
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Miscellaneous hardening features
|
|
|
|
|
#
|
|
|
|
|
# CONFIG_PAX_MEMORY_SANITIZE is not set
|
|
|
|
|
# CONFIG_PAX_MEMORY_STACKLEAK is not set
|
|
|
|
|
# CONFIG_PAX_MEMORY_STRUCTLEAK is not set
|
|
|
|
|
# CONFIG_PAX_MEMORY_UDEREF is not set
|
|
|
|
|
CONFIG_PAX_REFCOUNT=y
|
|
|
|
|
CONFIG_PAX_CONSTIFY_PLUGIN=y
|
|
|
|
|
CONFIG_PAX_USERCOPY=y
|
|
|
|
|
# CONFIG_PAX_USERCOPY_DEBUG is not set
|
|
|
|
|
CONFIG_PAX_SIZE_OVERFLOW=y
|
|
|
|
|
CONFIG_PAX_LATENT_ENTROPY=y
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Memory Protections
|
|
|
|
|
#
|
|
|
|
|
CONFIG_GRKERNSEC_KMEM=y
|
|
|
|
|
# CONFIG_GRKERNSEC_IO is not set
|
|
|
|
|
CONFIG_GRKERNSEC_BPF_HARDEN=y
|
|
|
|
|
CONFIG_GRKERNSEC_PERF_HARDEN=y
|
|
|
|
|
CONFIG_GRKERNSEC_RAND_THREADSTACK=y
|
|
|
|
|
CONFIG_GRKERNSEC_PROC_MEMMAP=y
|
|
|
|
|
CONFIG_GRKERNSEC_KSTACKOVERFLOW=y
|
|
|
|
|
CONFIG_GRKERNSEC_BRUTE=y
|
|
|
|
|
CONFIG_GRKERNSEC_MODHARDEN=y
|
|
|
|
|
CONFIG_GRKERNSEC_HIDESYM=y
|
|
|
|
|
CONFIG_GRKERNSEC_RANDSTRUCT=y
|
|
|
|
|
CONFIG_GRKERNSEC_RANDSTRUCT_PERFORMANCE=y
|
|
|
|
|
CONFIG_GRKERNSEC_KERN_LOCKOUT=y
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Role Based Access Control Options
|
|
|
|
|
#
|
|
|
|
|
CONFIG_GRKERNSEC_NO_RBAC=y
|
|
|
|
|
# CONFIG_GRKERNSEC_ACL_HIDEKERN is not set
|
|
|
|
|
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
|
|
|
|
|
CONFIG_GRKERNSEC_ACL_TIMEOUT=30
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Filesystem Protections
|
|
|
|
|
#
|
|
|
|
|
CONFIG_GRKERNSEC_PROC=y
|
|
|
|
|
# CONFIG_GRKERNSEC_PROC_USER is not set
|
|
|
|
|
CONFIG_GRKERNSEC_PROC_USERGROUP=y
|
|
|
|
|
CONFIG_GRKERNSEC_PROC_ADD=y
|
|
|
|
|
CONFIG_GRKERNSEC_LINK=y
|
|
|
|
|
# CONFIG_GRKERNSEC_SYMLINKOWN is not set
|
|
|
|
|
CONFIG_GRKERNSEC_FIFO=y
|
|
|
|
|
# CONFIG_GRKERNSEC_SYSFS_RESTRICT is not set
|
|
|
|
|
# CONFIG_GRKERNSEC_ROFS is not set
|
|
|
|
|
CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL=y
|
|
|
|
|
CONFIG_GRKERNSEC_CHROOT=y
|
|
|
|
|
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
|
|
|
|
|
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
|
|
|
|
|
CONFIG_GRKERNSEC_CHROOT_PIVOT=y
|
|
|
|
|
CONFIG_GRKERNSEC_CHROOT_CHDIR=y
|
|
|
|
|
CONFIG_GRKERNSEC_CHROOT_CHMOD=y
|
|
|
|
|
CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
|
|
|
|
|
CONFIG_GRKERNSEC_CHROOT_MKNOD=y
|
|
|
|
|
CONFIG_GRKERNSEC_CHROOT_SHMAT=y
|
|
|
|
|
CONFIG_GRKERNSEC_CHROOT_UNIX=y
|
|
|
|
|
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
|
|
|
|
|
CONFIG_GRKERNSEC_CHROOT_NICE=y
|
|
|
|
|
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
|
|
|
|
|
CONFIG_GRKERNSEC_CHROOT_RENAME=y
|
|
|
|
|
CONFIG_GRKERNSEC_CHROOT_CAPS=y
|
|
|
|
|
CONFIG_GRKERNSEC_CHROOT_INITRD=y
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Kernel Auditing
|
|
|
|
|
#
|
|
|
|
|
# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
|
|
|
|
|
# CONFIG_GRKERNSEC_EXECLOG is not set
|
|
|
|
|
# CONFIG_GRKERNSEC_RESLOG is not set
|
|
|
|
|
# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
|
|
|
|
|
# CONFIG_GRKERNSEC_AUDIT_PTRACE is not set
|
|
|
|
|
# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
|
|
|
|
|
# CONFIG_GRKERNSEC_AUDIT_MOUNT is not set
|
|
|
|
|
# CONFIG_GRKERNSEC_SIGNAL is not set
|
|
|
|
|
# CONFIG_GRKERNSEC_FORKFAIL is not set
|
|
|
|
|
CONFIG_GRKERNSEC_TIME=y
|
|
|
|
|
CONFIG_GRKERNSEC_PROC_IPADDR=y
|
|
|
|
|
CONFIG_GRKERNSEC_RWXMAP_LOG=y
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Executable Protections
|
|
|
|
|
#
|
|
|
|
|
CONFIG_GRKERNSEC_DMESG=y
|
|
|
|
|
CONFIG_GRKERNSEC_HARDEN_PTRACE=y
|
|
|
|
|
CONFIG_GRKERNSEC_PTRACE_READEXEC=y
|
|
|
|
|
CONFIG_GRKERNSEC_SETXID=y
|
|
|
|
|
CONFIG_GRKERNSEC_HARDEN_IPC=y
|
|
|
|
|
# CONFIG_GRKERNSEC_TPE is not set
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Network Protections
|
|
|
|
|
#
|
|
|
|
|
CONFIG_GRKERNSEC_BLACKHOLE=y
|
|
|
|
|
CONFIG_GRKERNSEC_NO_SIMULT_CONNECT=y
|
|
|
|
|
# CONFIG_GRKERNSEC_SOCKET is not set
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Physical Protections
|
|
|
|
|
#
|
|
|
|
|
# CONFIG_GRKERNSEC_DENYUSB is not set
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Sysctl Support
|
|
|
|
|
#
|
|
|
|
|
# CONFIG_GRKERNSEC_SYSCTL is not set
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Logging Options
|
|
|
|
|
#
|
|
|
|
|
CONFIG_GRKERNSEC_FLOODTIME=10
|
|
|
|
|
CONFIG_GRKERNSEC_FLOODBURST=3
|
|
|
|
|
CONFIG_KEYS=y
|
|
|
|
|
# CONFIG_PERSISTENT_KEYRINGS is not set
|
|
|
|
|
# CONFIG_BIG_KEYS is not set
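Review bot: The Grsecurity block in this hunk selects `CONFIG_GRKERNSEC_CONFIG_PRIORITY_PERF=y` under `CONFIG_GRKERNSEC_CONFIG_AUTO=y`, and it leaves `PAX_MEMORY_SANITIZE`, `PAX_MEMORY_STACKLEAK`, `PAX_MEMORY_STRUCTLEAK` and `PAX_MEMORY_UDEREF` unset, apparently as a result of that profile, so the kernel is built without the memory-disclosure and userland-pointer-dereference hardening those options provide. The +/- markers are lost on this page, but the header (6 old lines, 189 new) indicates the whole block is new. Either record in the commit message why performance was prioritised, or regenerate the config with `CONFIG_GRKERNSEC_CONFIG_PRIORITY_SECURITY=y`. `CONFIG_GRKERNSEC_PROC_GID=1001` combined with `CONFIG_GRKERNSEC_PROC_USERGROUP=y` should be checked against the target image: the GID needs to belong to a dedicated group, because on many distributions 1001 falls in the range given to ordinary user accounts and its members can see every process in /proc. Most Kernel Auditing options are also unset (`GRKERNSEC_SIGNAL`, `GRKERNSEC_FORKFAIL`, `GRKERNSEC_EXECLOG`), which limits what a responder can reconstruct from the kernel log; if that is intentional, say so in the commit message.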
|
|
|
|
@ -3346,7 +3506,6 @@ CONFIG_SECURITY_NETWORK=y
|
|
|
|
|
# CONFIG_SECURITY_SMACK is not set
|
|
|
|
|
# CONFIG_SECURITY_TOMOYO is not set
|
|
|
|
|
# CONFIG_SECURITY_APPARMOR is not set
|
|
|
|
|
# CONFIG_SECURITY_YAMA is not set
|
|
|
|
|
CONFIG_INTEGRITY=y
|
|
|
|
|
# CONFIG_INTEGRITY_SIGNATURE is not set
|
|
|
|
|
CONFIG_INTEGRITY_AUDIT=y
|
|
|
|
|