linux4.14: kspp configs, general hardening
This commit is contained in:
Andrea Brancaleoni
Andrea Brancaleoni
parent
2a37b5cef4
commit
bd1b40da93
5 changed files with 50 additions and 45 deletions
|
|
@ -1,6 +1,6 @@
|
|||
#
|
||||
# Automatically generated file; DO NOT EDIT.
|
||||
# Linux/arm64 4.14.0 Kernel Configuration
|
||||
# Linux/arm64 4.14.11 Kernel Configuration
|
||||
#
|
||||
CONFIG_ARM64=y
|
||||
CONFIG_64BIT=y
|
||||
|
|
@ -275,6 +275,7 @@ CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
|
|||
CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y
|
||||
CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y
|
||||
CONFIG_HAVE_ARCH_HUGE_VMAP=y
|
||||
CONFIG_HAVE_MOD_ARCH_SPECIFIC=y
|
||||
CONFIG_MODULES_USE_ELF_RELA=y
|
||||
CONFIG_ARCH_HAS_ELF_RANDOMIZE=y
|
||||
CONFIG_HAVE_ARCH_MMAP_RND_BITS=y
|
||||
|
|
@ -295,7 +296,7 @@ CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y
|
|||
CONFIG_STRICT_KERNEL_RWX=y
|
||||
CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y
|
||||
CONFIG_STRICT_MODULE_RWX=y
|
||||
# CONFIG_REFCOUNT_FULL is not set
|
||||
CONFIG_REFCOUNT_FULL=y
|
||||
|
||||
#
|
||||
# GCOV-based kernel profiling
|
||||
|
|
@ -310,7 +311,7 @@ CONFIG_MODULES=y
|
|||
# CONFIG_MODULE_FORCE_LOAD is not set
|
||||
CONFIG_MODULE_UNLOAD=y
|
||||
# CONFIG_MODULE_FORCE_UNLOAD is not set
|
||||
# CONFIG_MODVERSIONS is not set
|
||||
CONFIG_MODVERSIONS=y
|
||||
# CONFIG_MODULE_SRCVERSION_ALL is not set
|
||||
# CONFIG_MODULE_SIG is not set
|
||||
# CONFIG_MODULE_COMPRESS is not set
|
||||
|
|
@ -576,7 +577,7 @@ CONFIG_PHYS_ADDR_T_64BIT=y
|
|||
CONFIG_BOUNCE=y
|
||||
CONFIG_MMU_NOTIFIER=y
|
||||
CONFIG_KSM=y
|
||||
CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
|
||||
CONFIG_DEFAULT_MMAP_MIN_ADDR=32768
|
||||
CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y
|
||||
# CONFIG_MEMORY_FAILURE is not set
|
||||
# CONFIG_TRANSPARENT_HUGEPAGE is not set
|
||||
|
|
@ -622,7 +623,10 @@ CONFIG_ARM64_VHE=y
|
|||
CONFIG_ARM64_UAO=y
|
||||
CONFIG_ARM64_PMEM=y
|
||||
CONFIG_ARM64_MODULE_CMODEL_LARGE=y
|
||||
# CONFIG_RANDOMIZE_BASE is not set
|
||||
CONFIG_ARM64_MODULE_PLTS=y
|
||||
CONFIG_RELOCATABLE=y
|
||||
CONFIG_RANDOMIZE_BASE=y
|
||||
CONFIG_RANDOMIZE_MODULE_REGION_FULL=y
|
||||
|
||||
#
|
||||
# Boot options
|
||||
|
|
@ -7521,7 +7525,7 @@ CONFIG_NTFS_FS=m
|
|||
# Pseudo filesystems
|
||||
#
|
||||
CONFIG_PROC_FS=y
|
||||
CONFIG_PROC_KCORE=y
|
||||
# CONFIG_PROC_KCORE is not set
|
||||
CONFIG_PROC_SYSCTL=y
|
||||
CONFIG_PROC_PAGE_MONITOR=y
|
||||
CONFIG_PROC_CHILDREN=y
|
||||
|
|
@ -7822,7 +7826,7 @@ CONFIG_PANIC_TIMEOUT=0
|
|||
CONFIG_SCHED_DEBUG=y
|
||||
CONFIG_SCHED_INFO=y
|
||||
CONFIG_SCHEDSTATS=y
|
||||
# CONFIG_SCHED_STACK_END_CHECK is not set
|
||||
CONFIG_SCHED_STACK_END_CHECK=y
|
||||
# CONFIG_DEBUG_TIMEKEEPING is not set
|
||||
|
||||
#
|
||||
|
|
@ -7846,9 +7850,9 @@ CONFIG_HAVE_DEBUG_BUGVERBOSE=y
|
|||
CONFIG_DEBUG_BUGVERBOSE=y
|
||||
CONFIG_DEBUG_LIST=y
|
||||
# CONFIG_DEBUG_PI_LIST is not set
|
||||
# CONFIG_DEBUG_SG is not set
|
||||
# CONFIG_DEBUG_NOTIFIERS is not set
|
||||
# CONFIG_DEBUG_CREDENTIALS is not set
|
||||
CONFIG_DEBUG_SG=y
|
||||
CONFIG_DEBUG_NOTIFIERS=y
|
||||
CONFIG_DEBUG_CREDENTIALS=y
|
||||
|
||||
#
|
||||
# RCU Debugging
|
||||
|
|
@ -7940,7 +7944,7 @@ CONFIG_TEST_KSTRTOX=y
|
|||
# CONFIG_TEST_STATIC_KEYS is not set
|
||||
# CONFIG_TEST_KMOD is not set
|
||||
# CONFIG_MEMTEST is not set
|
||||
# CONFIG_BUG_ON_DATA_CORRUPTION is not set
|
||||
CONFIG_BUG_ON_DATA_CORRUPTION=y
|
||||
# CONFIG_SAMPLES is not set
|
||||
CONFIG_HAVE_ARCH_KGDB=y
|
||||
CONFIG_KGDB=y
|
||||
|
|
@ -7953,12 +7957,12 @@ CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y
|
|||
# CONFIG_UBSAN is not set
|
||||
CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y
|
||||
CONFIG_STRICT_DEVMEM=y
|
||||
# CONFIG_IO_STRICT_DEVMEM is not set
|
||||
# CONFIG_ARM64_PTDUMP_CORE is not set
|
||||
CONFIG_IO_STRICT_DEVMEM=y
|
||||
CONFIG_ARM64_PTDUMP_CORE=y
|
||||
# CONFIG_ARM64_PTDUMP_DEBUGFS is not set
|
||||
# CONFIG_PID_IN_CONTEXTIDR is not set
|
||||
# CONFIG_ARM64_RANDOMIZE_TEXT_OFFSET is not set
|
||||
# CONFIG_DEBUG_WX is not set
|
||||
CONFIG_DEBUG_WX=y
|
||||
# CONFIG_DEBUG_ALIGN_RODATA is not set
|
||||
# CONFIG_DEBUG_EFI is not set
|
||||
# CONFIG_ARM64_RELOC_TEST is not set
|
||||
|
|
@ -7974,7 +7978,7 @@ CONFIG_BIG_KEYS=y
|
|||
CONFIG_TRUSTED_KEYS=m
|
||||
CONFIG_ENCRYPTED_KEYS=y
|
||||
# CONFIG_KEY_DH_OPERATIONS is not set
|
||||
# CONFIG_SECURITY_DMESG_RESTRICT is not set
|
||||
CONFIG_SECURITY_DMESG_RESTRICT=y
|
||||
CONFIG_SECURITY=y
|
||||
# CONFIG_SECURITY_WRITABLE_HOOKS is not set
|
||||
CONFIG_SECURITYFS=y
|
||||
|
|
@ -7982,8 +7986,9 @@ CONFIG_SECURITY_NETWORK=y
|
|||
CONFIG_SECURITY_NETWORK_XFRM=y
|
||||
# CONFIG_SECURITY_PATH is not set
|
||||
CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
|
||||
# CONFIG_HARDENED_USERCOPY is not set
|
||||
# CONFIG_FORTIFY_SOURCE is not set
|
||||
CONFIG_HARDENED_USERCOPY=y
|
||||
# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
|
||||
CONFIG_FORTIFY_SOURCE=y
|
||||
# CONFIG_STATIC_USERMODEHELPER is not set
|
||||
# CONFIG_SECURITY_SELINUX is not set
|
||||
# CONFIG_SECURITY_SMACK is not set
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
#
|
||||
# Automatically generated file; DO NOT EDIT.
|
||||
# Linux/arm 4.14.10 Kernel Configuration
|
||||
# Linux/arm 4.14.11 Kernel Configuration
|
||||
#
|
||||
CONFIG_ARM=y
|
||||
CONFIG_ARM_HAS_SG_CHAIN=y
|
||||
|
|
@ -31,7 +31,7 @@ CONFIG_BROKEN_ON_SMP=y
|
|||
CONFIG_INIT_ENV_ARG_LIMIT=32
|
||||
CONFIG_CROSS_COMPILE=""
|
||||
# CONFIG_COMPILE_TEST is not set
|
||||
CONFIG_LOCALVERSION="-tld-1"
|
||||
CONFIG_LOCALVERSION="_1"
|
||||
# CONFIG_LOCALVERSION_AUTO is not set
|
||||
CONFIG_HAVE_KERNEL_GZIP=y
|
||||
CONFIG_HAVE_KERNEL_LZMA=y
|
||||
|
|
@ -257,7 +257,7 @@ CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y
|
|||
CONFIG_STRICT_KERNEL_RWX=y
|
||||
CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y
|
||||
CONFIG_STRICT_MODULE_RWX=y
|
||||
# CONFIG_REFCOUNT_FULL is not set
|
||||
CONFIG_REFCOUNT_FULL=y
|
||||
|
||||
#
|
||||
# GCOV-based kernel profiling
|
||||
|
|
@ -5952,9 +5952,9 @@ CONFIG_STACKTRACE=y
|
|||
# CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set
|
||||
# CONFIG_DEBUG_KOBJECT is not set
|
||||
CONFIG_DEBUG_BUGVERBOSE=y
|
||||
# CONFIG_DEBUG_LIST is not set
|
||||
CONFIG_DEBUG_LIST=y
|
||||
# CONFIG_DEBUG_PI_LIST is not set
|
||||
# CONFIG_DEBUG_SG is not set
|
||||
CONFIG_DEBUG_SG=y
|
||||
# CONFIG_DEBUG_NOTIFIERS is not set
|
||||
# CONFIG_DEBUG_CREDENTIALS is not set
|
||||
|
||||
|
|
@ -6041,7 +6041,7 @@ CONFIG_TRACING_EVENTS_GPIO=y
|
|||
# CONFIG_TEST_STATIC_KEYS is not set
|
||||
# CONFIG_TEST_KMOD is not set
|
||||
# CONFIG_MEMTEST is not set
|
||||
# CONFIG_BUG_ON_DATA_CORRUPTION is not set
|
||||
CONFIG_BUG_ON_DATA_CORRUPTION=y
|
||||
# CONFIG_SAMPLES is not set
|
||||
CONFIG_HAVE_ARCH_KGDB=y
|
||||
# CONFIG_KGDB is not set
|
||||
|
|
@ -6080,7 +6080,7 @@ CONFIG_PERSISTENT_KEYRINGS=y
|
|||
CONFIG_BIG_KEYS=y
|
||||
CONFIG_ENCRYPTED_KEYS=y
|
||||
CONFIG_KEY_DH_OPERATIONS=y
|
||||
# CONFIG_SECURITY_DMESG_RESTRICT is not set
|
||||
CONFIG_SECURITY_DMESG_RESTRICT=y
|
||||
CONFIG_SECURITY=y
|
||||
# CONFIG_SECURITY_WRITABLE_HOOKS is not set
|
||||
CONFIG_SECURITYFS=y
|
||||
|
|
|
|||
|
|
@ -243,8 +243,8 @@ CONFIG_SLUB_DEBUG=y
|
|||
CONFIG_SLUB=y
|
||||
# CONFIG_SLOB is not set
|
||||
CONFIG_SLAB_MERGE_DEFAULT=y
|
||||
# CONFIG_SLAB_FREELIST_RANDOM is not set
|
||||
# CONFIG_SLAB_FREELIST_HARDENED is not set
|
||||
CONFIG_SLAB_FREELIST_RANDOM=y
|
||||
CONFIG_SLAB_FREELIST_HARDENED=y
|
||||
CONFIG_SLUB_CPU_PARTIAL=y
|
||||
# CONFIG_SYSTEM_DATA_VERIFICATION is not set
|
||||
CONFIG_PROFILING=y
|
||||
|
|
@ -327,7 +327,7 @@ CONFIG_STRICT_KERNEL_RWX=y
|
|||
CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y
|
||||
CONFIG_STRICT_MODULE_RWX=y
|
||||
CONFIG_ARCH_HAS_REFCOUNT=y
|
||||
# CONFIG_REFCOUNT_FULL is not set
|
||||
CONFIG_REFCOUNT_FULL=y
|
||||
|
||||
#
|
||||
# GCOV-based kernel profiling
|
||||
|
|
@ -342,7 +342,7 @@ CONFIG_MODULES=y
|
|||
CONFIG_MODULE_FORCE_LOAD=y
|
||||
CONFIG_MODULE_UNLOAD=y
|
||||
CONFIG_MODULE_FORCE_UNLOAD=y
|
||||
# CONFIG_MODVERSIONS is not set
|
||||
CONFIG_MODVERSIONS=y
|
||||
# CONFIG_MODULE_SRCVERSION_ALL is not set
|
||||
# CONFIG_MODULE_SIG is not set
|
||||
# CONFIG_MODULE_COMPRESS is not set
|
||||
|
|
@ -7992,7 +7992,7 @@ CONFIG_PANIC_TIMEOUT=0
|
|||
# CONFIG_SCHED_DEBUG is not set
|
||||
CONFIG_SCHED_INFO=y
|
||||
CONFIG_SCHEDSTATS=y
|
||||
# CONFIG_SCHED_STACK_END_CHECK is not set
|
||||
CONFIG_SCHED_STACK_END_CHECK=y
|
||||
# CONFIG_DEBUG_TIMEKEEPING is not set
|
||||
# CONFIG_DEBUG_PREEMPT is not set
|
||||
|
||||
|
|
@ -8016,7 +8016,7 @@ CONFIG_STACKTRACE=y
|
|||
CONFIG_DEBUG_BUGVERBOSE=y
|
||||
CONFIG_DEBUG_LIST=y
|
||||
# CONFIG_DEBUG_PI_LIST is not set
|
||||
# CONFIG_DEBUG_SG is not set
|
||||
CONFIG_DEBUG_SG=y
|
||||
CONFIG_DEBUG_NOTIFIERS=y
|
||||
CONFIG_DEBUG_CREDENTIALS=y
|
||||
|
||||
|
|
@ -8083,7 +8083,7 @@ CONFIG_TEST_PARMAN=m
|
|||
CONFIG_TEST_STATIC_KEYS=m
|
||||
# CONFIG_TEST_KMOD is not set
|
||||
# CONFIG_MEMTEST is not set
|
||||
# CONFIG_BUG_ON_DATA_CORRUPTION is not set
|
||||
CONFIG_BUG_ON_DATA_CORRUPTION=y
|
||||
# CONFIG_SAMPLES is not set
|
||||
CONFIG_HAVE_ARCH_KGDB=y
|
||||
# CONFIG_KGDB is not set
|
||||
|
|
@ -8101,7 +8101,7 @@ CONFIG_EARLY_PRINTK_EFI=y
|
|||
# CONFIG_X86_PTDUMP_CORE is not set
|
||||
# CONFIG_X86_PTDUMP is not set
|
||||
# CONFIG_EFI_PGT_DUMP is not set
|
||||
# CONFIG_DEBUG_WX is not set
|
||||
CONFIG_DEBUG_WX=y
|
||||
CONFIG_DOUBLEFAULT=y
|
||||
# CONFIG_DEBUG_TLBFLUSH is not set
|
||||
# CONFIG_IOMMU_STRESS is not set
|
||||
|
|
@ -8135,7 +8135,7 @@ CONFIG_KEYS=y
|
|||
CONFIG_TRUSTED_KEYS=m
|
||||
CONFIG_ENCRYPTED_KEYS=m
|
||||
# CONFIG_KEY_DH_OPERATIONS is not set
|
||||
# CONFIG_SECURITY_DMESG_RESTRICT is not set
|
||||
CONFIG_SECURITY_DMESG_RESTRICT=y
|
||||
CONFIG_SECURITY=y
|
||||
# CONFIG_SECURITY_WRITABLE_HOOKS is not set
|
||||
CONFIG_SECURITYFS=y
|
||||
|
|
@ -8146,7 +8146,7 @@ CONFIG_INTEL_TXT=y
|
|||
CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
|
||||
CONFIG_HARDENED_USERCOPY=y
|
||||
# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
|
||||
# CONFIG_FORTIFY_SOURCE is not set
|
||||
CONFIG_FORTIFY_SOURCE=y
|
||||
# CONFIG_STATIC_USERMODEHELPER is not set
|
||||
# CONFIG_SECURITY_SMACK is not set
|
||||
# CONFIG_SECURITY_TOMOYO is not set
|
||||
|
|
|
|||
|
|
@ -252,8 +252,8 @@ CONFIG_SLUB_DEBUG=y
|
|||
CONFIG_SLUB=y
|
||||
# CONFIG_SLOB is not set
|
||||
CONFIG_SLAB_MERGE_DEFAULT=y
|
||||
# CONFIG_SLAB_FREELIST_RANDOM is not set
|
||||
# CONFIG_SLAB_FREELIST_HARDENED is not set
|
||||
CONFIG_SLAB_FREELIST_RANDOM=y
|
||||
CONFIG_SLAB_FREELIST_HARDENED=y
|
||||
CONFIG_SLUB_CPU_PARTIAL=y
|
||||
# CONFIG_SYSTEM_DATA_VERIFICATION is not set
|
||||
CONFIG_PROFILING=y
|
||||
|
|
@ -348,7 +348,7 @@ CONFIG_STRICT_KERNEL_RWX=y
|
|||
CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y
|
||||
CONFIG_STRICT_MODULE_RWX=y
|
||||
CONFIG_ARCH_HAS_REFCOUNT=y
|
||||
# CONFIG_REFCOUNT_FULL is not set
|
||||
CONFIG_REFCOUNT_FULL=y
|
||||
|
||||
#
|
||||
# GCOV-based kernel profiling
|
||||
|
|
@ -363,7 +363,7 @@ CONFIG_MODULES=y
|
|||
CONFIG_MODULE_FORCE_LOAD=y
|
||||
CONFIG_MODULE_UNLOAD=y
|
||||
CONFIG_MODULE_FORCE_UNLOAD=y
|
||||
# CONFIG_MODVERSIONS is not set
|
||||
CONFIG_MODVERSIONS=y
|
||||
# CONFIG_MODULE_SRCVERSION_ALL is not set
|
||||
# CONFIG_MODULE_SIG is not set
|
||||
# CONFIG_MODULE_COMPRESS is not set
|
||||
|
|
@ -8091,7 +8091,7 @@ CONFIG_PANIC_TIMEOUT=0
|
|||
# CONFIG_SCHED_DEBUG is not set
|
||||
CONFIG_SCHED_INFO=y
|
||||
CONFIG_SCHEDSTATS=y
|
||||
# CONFIG_SCHED_STACK_END_CHECK is not set
|
||||
CONFIG_SCHED_STACK_END_CHECK=y
|
||||
# CONFIG_DEBUG_TIMEKEEPING is not set
|
||||
# CONFIG_DEBUG_PREEMPT is not set
|
||||
|
||||
|
|
@ -8115,7 +8115,7 @@ CONFIG_STACKTRACE=y
|
|||
CONFIG_DEBUG_BUGVERBOSE=y
|
||||
CONFIG_DEBUG_LIST=y
|
||||
# CONFIG_DEBUG_PI_LIST is not set
|
||||
# CONFIG_DEBUG_SG is not set
|
||||
CONFIG_DEBUG_SG=y
|
||||
CONFIG_DEBUG_NOTIFIERS=y
|
||||
CONFIG_DEBUG_CREDENTIALS=y
|
||||
|
||||
|
|
@ -8217,7 +8217,7 @@ CONFIG_TEST_PARMAN=m
|
|||
CONFIG_TEST_STATIC_KEYS=m
|
||||
# CONFIG_TEST_KMOD is not set
|
||||
# CONFIG_MEMTEST is not set
|
||||
# CONFIG_BUG_ON_DATA_CORRUPTION is not set
|
||||
CONFIG_BUG_ON_DATA_CORRUPTION=y
|
||||
# CONFIG_SAMPLES is not set
|
||||
CONFIG_HAVE_ARCH_KGDB=y
|
||||
# CONFIG_KGDB is not set
|
||||
|
|
@ -8235,7 +8235,7 @@ CONFIG_EARLY_PRINTK_EFI=y
|
|||
# CONFIG_X86_PTDUMP_CORE is not set
|
||||
# CONFIG_X86_PTDUMP is not set
|
||||
# CONFIG_EFI_PGT_DUMP is not set
|
||||
# CONFIG_DEBUG_WX is not set
|
||||
CONFIG_DEBUG_WX=y
|
||||
CONFIG_DOUBLEFAULT=y
|
||||
# CONFIG_DEBUG_TLBFLUSH is not set
|
||||
# CONFIG_IOMMU_DEBUG is not set
|
||||
|
|
@ -8272,7 +8272,7 @@ CONFIG_KEYS_COMPAT=y
|
|||
CONFIG_TRUSTED_KEYS=m
|
||||
CONFIG_ENCRYPTED_KEYS=m
|
||||
# CONFIG_KEY_DH_OPERATIONS is not set
|
||||
# CONFIG_SECURITY_DMESG_RESTRICT is not set
|
||||
CONFIG_SECURITY_DMESG_RESTRICT=y
|
||||
CONFIG_SECURITY=y
|
||||
# CONFIG_SECURITY_WRITABLE_HOOKS is not set
|
||||
CONFIG_SECURITYFS=y
|
||||
|
|
@ -8284,7 +8284,7 @@ CONFIG_INTEL_TXT=y
|
|||
CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
|
||||
CONFIG_HARDENED_USERCOPY=y
|
||||
# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
|
||||
# CONFIG_FORTIFY_SOURCE is not set
|
||||
CONFIG_FORTIFY_SOURCE=y
|
||||
# CONFIG_STATIC_USERMODEHELPER is not set
|
||||
# CONFIG_SECURITY_SMACK is not set
|
||||
# CONFIG_SECURITY_TOMOYO is not set
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
# Template file for 'linux4.14'
|
||||
pkgname=linux4.14
|
||||
version=4.14.12
|
||||
revision=2
|
||||
revision=3
|
||||
patch_args="-Np1"
|
||||
wrksrc="linux-${version}"
|
||||
maintainer="Juan RP <xtraeme@voidlinux.eu>"
|
||||
|
|
|
|||
Loading…
Reference in a new issue