From 693de237f790f2c8d0a468dcafc2727fac69bd36 Mon Sep 17 00:00:00 2001 From: André Fabian Silva Delgado Date: Wed, 10 Sep 2014 00:19:18 -0300 Subject: linux-libre-lts-grsec-3.14.18_gnu.201409082127-2: add changes from linux-libre-grsec * enable CONFIG_PAX_CONSTIFY_PLUGIN for i686 * add missing module (CONFIG_CX_ECAT) * enable CONFIG_RANDOMIZE_BASE * enable CONFIG_PAX_MEMORY_SANITIZE * use the higher upstream value for CONFIG_DEFAULT_MMAP_MIN_ADDR * increase CONFIG_PAX_KERNEXEC_MODULE_TEXT to 12M for the i686 kernel * enable CONFIG_PAX_MEMORY_UDEREF for the x86_64 kernel + add warning * enable CONFIG_USER_NS * regenerate config * rely on grsecurity to disable unprivileged user namespaces * enable KERNEXEC on x86_64 --- kernels/linux-libre-lts-grsec/config.i686 | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) (limited to 'kernels/linux-libre-lts-grsec/config.i686') diff --git a/kernels/linux-libre-lts-grsec/config.i686 b/kernels/linux-libre-lts-grsec/config.i686 index c5629d188..5587cda1b 100644 --- a/kernels/linux-libre-lts-grsec/config.i686 +++ b/kernels/linux-libre-lts-grsec/config.i686 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.14.18-gnu-201409082127-1-lts-grsec Kernel Configuration +# Linux/x86 3.14.18-gnu-201409082127-2-lts-grsec Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -154,7 +154,7 @@ CONFIG_BLK_CGROUP=y CONFIG_NAMESPACES=y CONFIG_UTS_NS=y CONFIG_IPC_NS=y -# CONFIG_USER_NS is not set +CONFIG_USER_NS=y CONFIG_PID_NS=y CONFIG_NET_NS=y CONFIG_SCHED_AUTOGROUP=y @@ -322,6 +322,7 @@ CONFIG_PREEMPT_NOTIFIERS=y CONFIG_PADATA=y CONFIG_ASN1=m CONFIG_UNINLINE_SPIN_UNLOCK=y +CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y CONFIG_MUTEX_SPIN_ON_OWNER=y CONFIG_FREEZER=y @@ -410,6 +411,8 @@ CONFIG_X86_MCE_THRESHOLD=y # CONFIG_X86_MCE_INJECT is not set CONFIG_X86_THERMAL_VECTOR=y CONFIG_VM86=y +CONFIG_X86_16BIT=y +CONFIG_X86_ESPFIX32=y CONFIG_TOSHIBA=m CONFIG_I8K=m CONFIG_X86_REBOOTFIXUPS=y 
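Review bot: `CONFIG_USER_NS=y` in the `-154,7` hunk has no guard inside this config, so the only thing keeping unprivileged users away from user namespaces is the grsecurity patch the commit message says it relies on. This file is regenerated, so a comment here would not survive. Record the dependency in the package's build script or changelog instead, for example `# USER_NS=y is acceptable only while the grsecurity patch limits user namespace creation to privileged callers; re-check on every patch update`. It is also worth checking the built kernel before publishing: run as an unprivileged user, `unshare -U true` should be refused if the restriction is in place.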
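Review bot: The commit message does not mention the two symbols added in the `-410,6` hunk, `CONFIG_X86_16BIT=y` and `CONFIG_X86_ESPFIX32=y`, which land next to the existing `CONFIG_VM86=y`. They presumably arrived with "regenerate config" rather than by deliberate choice. For a hardened i686 kernel it is worth deciding explicitly whether 16-bit segment support is wanted, since leaving it on keeps legacy segment-handling paths reachable from user space. If it stays enabled, a message line such as `* keep CONFIG_X86_16BIT enabled (16-bit application support)` would make that a recorded decision.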
@@ -450,7 +453,7 @@ CONFIG_BOUNCE=y CONFIG_VIRT_TO_BUS=y CONFIG_MMU_NOTIFIER=y CONFIG_KSM=y -CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 +CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y CONFIG_MEMORY_FAILURE=y CONFIG_TRANSPARENT_HUGEPAGE=y @@ -489,7 +492,8 @@ CONFIG_SCHED_HRTICK=y # CONFIG_CRASH_DUMP is not set CONFIG_PHYSICAL_START=0x1000000 CONFIG_RELOCATABLE=y -# CONFIG_RANDOMIZE_BASE is not set +CONFIG_RANDOMIZE_BASE=y +CONFIG_RANDOMIZE_BASE_MAX_OFFSET=0x20000000 CONFIG_X86_NEED_RELOCS=y CONFIG_PHYSICAL_ALIGN=0x1000000 CONFIG_HOTPLUG_CPU=y @@ -1632,8 +1636,8 @@ CONFIG_OF_MDIO=m CONFIG_OF_PCI=y CONFIG_OF_PCI_IRQ=y CONFIG_OF_MTD=y -CONFIG_PARPORT=m CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y +CONFIG_PARPORT=m CONFIG_PARPORT_PC=m CONFIG_PARPORT_SERIAL=m # CONFIG_PARPORT_PC_FIFO is not set @@ -6260,10 +6264,6 @@ CONFIG_TIMER_STATS=y # CONFIG_RT_MUTEX_TESTER is not set # CONFIG_DEBUG_SPINLOCK is not set # CONFIG_DEBUG_MUTEXES is not set -# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set -# CONFIG_DEBUG_LOCK_ALLOC is not set -# CONFIG_PROVE_LOCKING is not set -# CONFIG_LOCK_STAT is not set # CONFIG_DEBUG_ATOMIC_SLEEP is not set # CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set CONFIG_STACKTRACE=y @@ -6430,7 +6430,7 @@ CONFIG_PAX_MPROTECT=y # CONFIG_PAX_ELFRELOCS is not set CONFIG_PAX_KERNEXEC=y CONFIG_PAX_KERNEXEC_PLUGIN_METHOD="" -CONFIG_PAX_KERNEXEC_MODULE_TEXT=4 +CONFIG_PAX_KERNEXEC_MODULE_TEXT=12 # # Address Space Layout Randomization @@ -6443,12 +6443,12 @@ CONFIG_PAX_RANDMMAP=y # # Miscellaneous hardening features # -# CONFIG_PAX_MEMORY_SANITIZE is not set +CONFIG_PAX_MEMORY_SANITIZE=y CONFIG_PAX_MEMORY_STACKLEAK=y CONFIG_PAX_MEMORY_STRUCTLEAK=y CONFIG_PAX_MEMORY_UDEREF=y CONFIG_PAX_REFCOUNT=y -# CONFIG_PAX_CONSTIFY_PLUGIN is not set +CONFIG_PAX_CONSTIFY_PLUGIN=y CONFIG_PAX_USERCOPY=y # CONFIG_PAX_USERCOPY_DEBUG is not set CONFIG_PAX_SIZE_OVERFLOW=y 
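Review bot: `CONFIG_RANDOMIZE_BASE=y` in the `-489,7` hunk only helps while the kernel's load address stays secret, and nothing in the lines shown establishes that. Confirm that the rest of the config keeps kernel pointers and logs away from unprivileged users; `CONFIG_GRKERNSEC_HIDESYM` and `CONFIG_GRKERNSEC_DMESG` are the usual grsecurity options for this, and neither is visible in this diff. With `CONFIG_RANDOMIZE_BASE_MAX_OFFSET=0x20000000` and `CONFIG_PHYSICAL_ALIGN=0x1000000` there are at most 32 possible load positions, so the commit message should describe this as a small additional layer next to KERNEXEC and UDEREF, not as a protection on its own.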
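Review bot: `CONFIG_PAX_CONSTIFY_PLUGIN=y` in the `-6443,12` hunk depends on the build compiler supporting GCC plugins, and the config cannot show whether the plugin was actually built and applied. The package build should check this and fail if the plugin is unavailable, for example by testing that the built kernel's config still contains `CONFIG_PAX_CONSTIFY_PLUGIN=y`, so the package never ships without the hardening the commit message advertises. The same hunk enables `CONFIG_PAX_MEMORY_SANITIZE=y`, which wipes memory on free and is likely to cost some throughput. The commit message adds a user-facing warning only for UDEREF on x86_64, so a matching note for sanitize on i686 would keep the two consistent.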
@@ -6536,7 +6536,6 @@ CONFIG_GRKERNSEC_TPE_GID=200 # # Network Protections # -CONFIG_GRKERNSEC_RANDNET=y CONFIG_GRKERNSEC_BLACKHOLE=y CONFIG_GRKERNSEC_NO_SIMULT_CONNECT=y CONFIG_GRKERNSEC_SOCKET=y -- cgit v1.2.3