diff options
author | André Fabian Silva Delgado <emulatorman@parabola.nu> | 2014-09-10 00:19:18 -0300 |
---|---|---|
committer | André Fabian Silva Delgado <emulatorman@parabola.nu> | 2014-09-10 00:19:18 -0300 |
commit | 693de237f790f2c8d0a468dcafc2727fac69bd36 (patch) | |
tree | 50fcb87964351d7362436512a2691d58daeca7af /kernels/linux-libre-lts-grsec/config.i686 | |
parent | 3876ca5cbf1f38fbbe218226eac46ec581dc3bb4 (diff) | |
download | abslibre-693de237f790f2c8d0a468dcafc2727fac69bd36.tar.gz abslibre-693de237f790f2c8d0a468dcafc2727fac69bd36.tar.bz2 abslibre-693de237f790f2c8d0a468dcafc2727fac69bd36.zip |
linux-libre-lts-grsec-3.14.18_gnu.201409082127-2: add changes from linux-libre-grsec
* enable CONFIG_PAX_CONSTIFY_PLUGIN for i686
* add missing module (CONFIG_CX_ECAT)
* enable CONFIG_RANDOMIZE_BASE
* enable CONFIG_PAX_MEMORY_SANITIZE
* use the higher upstream value for CONFIG_DEFAULT_MMAP_MIN_ADDR
* increase CONFIG_PAX_KERNEXEC_MODULE_TEXT to 12M for the i686 kernel
* enable CONFIG_PAX_MEMORY_UDEREF for the x86_64 kernel + add warning
* enable CONFIG_USER_NS
* regenerate config
* rely on grsecurity to disable unprivileged user namespaces
* enable KERNEXEC on x86_64
Diffstat (limited to 'kernels/linux-libre-lts-grsec/config.i686')
-rw-r--r-- | kernels/linux-libre-lts-grsec/config.i686 | 25 |
1 files changed, 12 insertions, 13 deletions
diff --git a/kernels/linux-libre-lts-grsec/config.i686 b/kernels/linux-libre-lts-grsec/config.i686 index c5629d188..5587cda1b 100644 --- a/kernels/linux-libre-lts-grsec/config.i686 +++ b/kernels/linux-libre-lts-grsec/config.i686 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.14.18-gnu-201409082127-1-lts-grsec Kernel Configuration +# Linux/x86 3.14.18-gnu-201409082127-2-lts-grsec Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -154,7 +154,7 @@ CONFIG_BLK_CGROUP=y CONFIG_NAMESPACES=y CONFIG_UTS_NS=y CONFIG_IPC_NS=y -# CONFIG_USER_NS is not set +CONFIG_USER_NS=y CONFIG_PID_NS=y CONFIG_NET_NS=y CONFIG_SCHED_AUTOGROUP=y @@ -322,6 +322,7 @@ CONFIG_PREEMPT_NOTIFIERS=y CONFIG_PADATA=y CONFIG_ASN1=m CONFIG_UNINLINE_SPIN_UNLOCK=y +CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y CONFIG_MUTEX_SPIN_ON_OWNER=y CONFIG_FREEZER=y @@ -410,6 +411,8 @@ CONFIG_X86_MCE_THRESHOLD=y # CONFIG_X86_MCE_INJECT is not set CONFIG_X86_THERMAL_VECTOR=y CONFIG_VM86=y +CONFIG_X86_16BIT=y +CONFIG_X86_ESPFIX32=y CONFIG_TOSHIBA=m CONFIG_I8K=m CONFIG_X86_REBOOTFIXUPS=y @@ -450,7 +453,7 @@ CONFIG_BOUNCE=y CONFIG_VIRT_TO_BUS=y CONFIG_MMU_NOTIFIER=y CONFIG_KSM=y -CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 +CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y CONFIG_MEMORY_FAILURE=y CONFIG_TRANSPARENT_HUGEPAGE=y @@ -489,7 +492,8 @@ CONFIG_SCHED_HRTICK=y # CONFIG_CRASH_DUMP is not set CONFIG_PHYSICAL_START=0x1000000 CONFIG_RELOCATABLE=y -# CONFIG_RANDOMIZE_BASE is not set +CONFIG_RANDOMIZE_BASE=y +CONFIG_RANDOMIZE_BASE_MAX_OFFSET=0x20000000 CONFIG_X86_NEED_RELOCS=y CONFIG_PHYSICAL_ALIGN=0x1000000 CONFIG_HOTPLUG_CPU=y @@ -1632,8 +1636,8 @@ CONFIG_OF_MDIO=m CONFIG_OF_PCI=y CONFIG_OF_PCI_IRQ=y CONFIG_OF_MTD=y -CONFIG_PARPORT=m CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y +CONFIG_PARPORT=m CONFIG_PARPORT_PC=m CONFIG_PARPORT_SERIAL=m # CONFIG_PARPORT_PC_FIFO is not set @@ -6260,10 +6264,6 @@ CONFIG_TIMER_STATS=y # CONFIG_RT_MUTEX_TESTER is not set # CONFIG_DEBUG_SPINLOCK is not set # CONFIG_DEBUG_MUTEXES is not set -# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set -# CONFIG_DEBUG_LOCK_ALLOC is not set -# CONFIG_PROVE_LOCKING is not set -# CONFIG_LOCK_STAT is not set # CONFIG_DEBUG_ATOMIC_SLEEP is not set # CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set CONFIG_STACKTRACE=y @@ -6430,7 +6430,7 @@ CONFIG_PAX_MPROTECT=y # CONFIG_PAX_ELFRELOCS is not set CONFIG_PAX_KERNEXEC=y CONFIG_PAX_KERNEXEC_PLUGIN_METHOD="" -CONFIG_PAX_KERNEXEC_MODULE_TEXT=4 +CONFIG_PAX_KERNEXEC_MODULE_TEXT=12 # # Address Space Layout Randomization @@ -6443,12 +6443,12 @@ CONFIG_PAX_RANDMMAP=y # # Miscellaneous hardening features # -# CONFIG_PAX_MEMORY_SANITIZE is not set +CONFIG_PAX_MEMORY_SANITIZE=y CONFIG_PAX_MEMORY_STACKLEAK=y CONFIG_PAX_MEMORY_STRUCTLEAK=y CONFIG_PAX_MEMORY_UDEREF=y CONFIG_PAX_REFCOUNT=y -# CONFIG_PAX_CONSTIFY_PLUGIN is not set +CONFIG_PAX_CONSTIFY_PLUGIN=y CONFIG_PAX_USERCOPY=y # CONFIG_PAX_USERCOPY_DEBUG is not set CONFIG_PAX_SIZE_OVERFLOW=y @@ -6536,7 +6536,6 @@ CONFIG_GRKERNSEC_TPE_GID=200 # # Network Protections # -CONFIG_GRKERNSEC_RANDNET=y CONFIG_GRKERNSEC_BLACKHOLE=y CONFIG_GRKERNSEC_NO_SIMULT_CONNECT=y CONFIG_GRKERNSEC_SOCKET=y |