sys-kernel/hardened-kernel: update to v6.10.13
This commit is contained in:
@@ -77,6 +77,7 @@ CONFIG_GENERIC_MSI_IRQ=y
|
||||
CONFIG_IRQ_MSI_IOMMU=y
|
||||
CONFIG_GENERIC_IRQ_MATRIX_ALLOCATOR=y
|
||||
CONFIG_GENERIC_IRQ_RESERVATION_MODE=y
|
||||
CONFIG_GENERIC_IRQ_STAT_SNAPSHOT=y
|
||||
CONFIG_IRQ_FORCED_THREADING=y
|
||||
CONFIG_SPARSE_IRQ=y
|
||||
# CONFIG_GENERIC_IRQ_DEBUGFS is not set
|
||||
@@ -104,6 +105,8 @@ CONFIG_NO_HZ_COMMON=y
|
||||
# CONFIG_HZ_PERIODIC is not set
|
||||
CONFIG_NO_HZ_IDLE=y
|
||||
# CONFIG_NO_HZ_FULL is not set
|
||||
CONFIG_CONTEXT_TRACKING_USER=y
|
||||
CONFIG_CONTEXT_TRACKING_USER_FORCE=y
|
||||
CONFIG_NO_HZ=y
|
||||
CONFIG_HIGH_RES_TIMERS=y
|
||||
CONFIG_CLOCKSOURCE_WATCHDOG_MAX_SKEW_US=100
|
||||
@@ -132,13 +135,15 @@ CONFIG_PREEMPT_VOLUNTARY=y
|
||||
CONFIG_PREEMPT_COUNT=y
|
||||
CONFIG_PREEMPTION=y
|
||||
CONFIG_PREEMPT_DYNAMIC=y
|
||||
CONFIG_SCHED_CORE=y
|
||||
|
||||
#
|
||||
# CPU/Task time and stats accounting
|
||||
#
|
||||
CONFIG_TICK_CPU_ACCOUNTING=y
|
||||
# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set
|
||||
# CONFIG_IRQ_TIME_ACCOUNTING is not set
|
||||
CONFIG_VIRT_CPU_ACCOUNTING=y
|
||||
# CONFIG_TICK_CPU_ACCOUNTING is not set
|
||||
CONFIG_VIRT_CPU_ACCOUNTING_GEN=y
|
||||
CONFIG_IRQ_TIME_ACCOUNTING=y
|
||||
CONFIG_HAVE_SCHED_AVG_IRQ=y
|
||||
CONFIG_BSD_PROCESS_ACCT=y
|
||||
CONFIG_BSD_PROCESS_ACCT_V3=y
|
||||
@@ -146,6 +151,8 @@ CONFIG_TASKSTATS=y
|
||||
CONFIG_TASK_DELAY_ACCT=y
|
||||
CONFIG_TASK_XACCT=y
|
||||
CONFIG_TASK_IO_ACCOUNTING=y
|
||||
CONFIG_PSI=y
|
||||
# CONFIG_PSI_DEFAULT_DISABLED is not set
|
||||
# end of CPU/Task time and stats accounting
|
||||
|
||||
CONFIG_CPU_ISOLATION=y
|
||||
@@ -177,9 +184,8 @@ CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y
|
||||
#
|
||||
# Scheduler features
|
||||
#
|
||||
CONFIG_SCHED_ALT=y
|
||||
# CONFIG_SCHED_BMQ is not set
|
||||
CONFIG_SCHED_PDS=y
|
||||
# CONFIG_UCLAMP_TASK is not set
|
||||
# CONFIG_SCHED_ALT is not set
|
||||
# end of Scheduler features
|
||||
|
||||
CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y
|
||||
@@ -191,6 +197,7 @@ CONFIG_CC_NO_ARRAY_BOUNDS=y
|
||||
CONFIG_GCC_NO_STRINGOP_OVERFLOW=y
|
||||
CONFIG_CC_NO_STRINGOP_OVERFLOW=y
|
||||
CONFIG_ARCH_SUPPORTS_INT128=y
|
||||
# CONFIG_NUMA_BALANCING is not set
|
||||
CONFIG_SLAB_OBJ_EXT=y
|
||||
CONFIG_CGROUPS=y
|
||||
CONFIG_PAGE_COUNTER=y
|
||||
@@ -201,6 +208,8 @@ CONFIG_BLK_CGROUP=y
|
||||
CONFIG_CGROUP_WRITEBACK=y
|
||||
CONFIG_CGROUP_SCHED=y
|
||||
CONFIG_FAIR_GROUP_SCHED=y
|
||||
CONFIG_CFS_BANDWIDTH=y
|
||||
# CONFIG_RT_GROUP_SCHED is not set
|
||||
CONFIG_SCHED_MM_CID=y
|
||||
CONFIG_CGROUP_PIDS=y
|
||||
CONFIG_CGROUP_RDMA=y
|
||||
@@ -223,7 +232,8 @@ CONFIG_USER_NS=y
|
||||
CONFIG_USER_NS_UNPRIVILEGED=y
|
||||
CONFIG_PID_NS=y
|
||||
CONFIG_NET_NS=y
|
||||
# CONFIG_CHECKPOINT_RESTORE is not set
|
||||
CONFIG_CHECKPOINT_RESTORE=y
|
||||
CONFIG_SCHED_AUTOGROUP=y
|
||||
CONFIG_RELAY=y
|
||||
CONFIG_BLK_DEV_INITRD=y
|
||||
CONFIG_INITRAMFS_SOURCE=""
|
||||
@@ -451,8 +461,6 @@ CONFIG_PERF_EVENTS_AMD_UNCORE=m
|
||||
# CONFIG_PERF_EVENTS_AMD_BRS is not set
|
||||
# end of Performance monitoring
|
||||
|
||||
CONFIG_X86_16BIT=y
|
||||
CONFIG_X86_ESPFIX64=y
|
||||
CONFIG_X86_VSYSCALL_EMULATION=y
|
||||
# CONFIG_X86_IOPL_IOPERM is not set
|
||||
CONFIG_MICROCODE=y
|
||||
@@ -527,9 +535,9 @@ CONFIG_HOTPLUG_CPU=y
|
||||
# CONFIG_LEGACY_VSYSCALL_XONLY is not set
|
||||
CONFIG_LEGACY_VSYSCALL_NONE=y
|
||||
CONFIG_CMDLINE_BOOL=y
|
||||
CONFIG_CMDLINE="cfi=kcfi vdso32=0 page_poison=1 page_alloc.shuffle=1 slab_nomerge pti=on rootflags=discard"
|
||||
CONFIG_CMDLINE="vdso32=0 page_poison=1 page_alloc.shuffle=1 slab_nomerge pti=on"
|
||||
# CONFIG_CMDLINE_OVERRIDE is not set
|
||||
CONFIG_MODIFY_LDT_SYSCALL=y
|
||||
# CONFIG_MODIFY_LDT_SYSCALL is not set
|
||||
# CONFIG_STRICT_SIGALTSTACK_SIZE is not set
|
||||
CONFIG_HAVE_LIVEPATCH=y
|
||||
# end of Processor type and features
|
||||
@@ -972,13 +980,15 @@ CONFIG_BLK_DEV_INTEGRITY_T10=y
|
||||
CONFIG_BLK_DEV_WRITE_MOUNTED=y
|
||||
CONFIG_BLK_DEV_ZONED=y
|
||||
CONFIG_BLK_DEV_THROTTLING=y
|
||||
# CONFIG_BLK_WBT is not set
|
||||
CONFIG_BLK_WBT=y
|
||||
CONFIG_BLK_WBT_MQ=y
|
||||
CONFIG_BLK_CGROUP_IOLATENCY=y
|
||||
CONFIG_BLK_CGROUP_IOCOST=y
|
||||
CONFIG_BLK_CGROUP_IOPRIO=y
|
||||
CONFIG_BLK_DEBUG_FS=y
|
||||
# CONFIG_BLK_SED_OPAL is not set
|
||||
# CONFIG_BLK_INLINE_ENCRYPTION is not set
|
||||
CONFIG_BLK_INLINE_ENCRYPTION=y
|
||||
CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK=y
|
||||
|
||||
#
|
||||
# Partition Types
|
||||
@@ -1015,8 +1025,8 @@ CONFIG_BLK_MQ_STACKING=y
|
||||
# IO Schedulers
|
||||
#
|
||||
CONFIG_MQ_IOSCHED_DEADLINE=y
|
||||
CONFIG_MQ_IOSCHED_KYBER=m
|
||||
CONFIG_IOSCHED_BFQ=m
|
||||
CONFIG_MQ_IOSCHED_KYBER=y
|
||||
CONFIG_IOSCHED_BFQ=y
|
||||
CONFIG_BFQ_GROUP_IOSCHED=y
|
||||
# CONFIG_BFQ_CGROUP_DEBUG is not set
|
||||
# end of IO Schedulers
|
||||
@@ -1142,6 +1152,7 @@ CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y
|
||||
CONFIG_USE_PERCPU_NUMA_NODE_ID=y
|
||||
CONFIG_HAVE_SETUP_PER_CPU_AREA=y
|
||||
# CONFIG_CMA is not set
|
||||
# CONFIG_MEM_SOFT_DIRTY is not set
|
||||
CONFIG_GENERIC_EARLY_IOREMAP=y
|
||||
# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set
|
||||
CONFIG_PAGE_IDLE_FLAG=y
|
||||
@@ -2293,7 +2304,7 @@ CONFIG_SCSI_VIRTIO=m
|
||||
# CONFIG_SCSI_DH is not set
|
||||
# end of SCSI device support
|
||||
|
||||
CONFIG_ATA=m
|
||||
CONFIG_ATA=y
|
||||
CONFIG_SATA_HOST=y
|
||||
CONFIG_PATA_TIMINGS=y
|
||||
CONFIG_ATA_VERBOSE_ERROR=y
|
||||
@@ -2305,7 +2316,7 @@ CONFIG_SATA_PMP=y
|
||||
#
|
||||
# Controllers with non-SFF native interface
|
||||
#
|
||||
CONFIG_SATA_AHCI=m
|
||||
CONFIG_SATA_AHCI=y
|
||||
CONFIG_SATA_MOBILE_LPM_POLICY=0
|
||||
CONFIG_SATA_AHCI_PLATFORM=m
|
||||
# CONFIG_AHCI_DWC is not set
|
||||
@@ -5023,6 +5034,7 @@ CONFIG_MMC_BLOCK=m
|
||||
CONFIG_MMC_BLOCK_MINORS=8
|
||||
# CONFIG_SDIO_UART is not set
|
||||
CONFIG_MMC_TEST=m
|
||||
# CONFIG_MMC_CRYPTO is not set
|
||||
|
||||
#
|
||||
# MMC/SD/SDIO Host Controller Drivers
|
||||
@@ -5832,6 +5844,7 @@ CONFIG_EXPORTFS_BLOCK_OPS=y
|
||||
CONFIG_FILE_LOCKING=y
|
||||
CONFIG_FS_ENCRYPTION=y
|
||||
CONFIG_FS_ENCRYPTION_ALGS=y
|
||||
CONFIG_FS_ENCRYPTION_INLINE_CRYPT=y
|
||||
CONFIG_FS_VERITY=y
|
||||
CONFIG_FS_VERITY_BUILTIN_SIGNATURES=y
|
||||
CONFIG_FSNOTIFY=y
|
||||
@@ -6119,7 +6132,7 @@ CONFIG_HARDENED_USERCOPY=y
|
||||
CONFIG_FORTIFY_SOURCE=y
|
||||
# CONFIG_STATIC_USERMODEHELPER is not set
|
||||
CONFIG_SECURITY_SELINUX=y
|
||||
# CONFIG_SECURITY_SELINUX_BOOTPARAM is not set
|
||||
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
|
||||
CONFIG_SECURITY_SELINUX_DEVELOP=y
|
||||
CONFIG_SECURITY_SELINUX_AVC_STATS=y
|
||||
CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9
|
||||
@@ -6127,7 +6140,13 @@ CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256
|
||||
# CONFIG_SECURITY_SELINUX_DEBUG is not set
|
||||
# CONFIG_SECURITY_SMACK is not set
|
||||
# CONFIG_SECURITY_TOMOYO is not set
|
||||
# CONFIG_SECURITY_APPARMOR is not set
|
||||
CONFIG_SECURITY_APPARMOR=y
|
||||
# CONFIG_SECURITY_APPARMOR_DEBUG is not set
|
||||
CONFIG_SECURITY_APPARMOR_INTROSPECT_POLICY=y
|
||||
CONFIG_SECURITY_APPARMOR_HASH=y
|
||||
CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
|
||||
CONFIG_SECURITY_APPARMOR_EXPORT_BINARY=y
|
||||
CONFIG_SECURITY_APPARMOR_PARANOID_LOAD=y
|
||||
# CONFIG_SECURITY_LOADPIN is not set
|
||||
CONFIG_SECURITY_YAMA=y
|
||||
CONFIG_SECURITY_SAFESETID=y
|
||||
@@ -6145,9 +6164,10 @@ CONFIG_INTEGRITY_AUDIT=y
|
||||
# CONFIG_IMA is not set
|
||||
# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set
|
||||
# CONFIG_EVM is not set
|
||||
CONFIG_DEFAULT_SECURITY_SELINUX=y
|
||||
# CONFIG_DEFAULT_SECURITY_DAC is not set
|
||||
CONFIG_LSM="selinux,safesetid,yama,lockdown,landlock,bpf"
|
||||
# CONFIG_DEFAULT_SECURITY_SELINUX is not set
|
||||
# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
|
||||
CONFIG_DEFAULT_SECURITY_DAC=y
|
||||
CONFIG_LSM="lockdown,yama,integrity,selinux,bpf,landlock"
|
||||
|
||||
#
|
||||
# Kernel hardening options
|
||||
@@ -6279,7 +6299,7 @@ CONFIG_CRYPTO_ECB=y
|
||||
CONFIG_CRYPTO_HCTR2=m
|
||||
CONFIG_CRYPTO_KEYWRAP=m
|
||||
CONFIG_CRYPTO_LRW=m
|
||||
CONFIG_CRYPTO_PCBC=y
|
||||
CONFIG_CRYPTO_PCBC=m
|
||||
CONFIG_CRYPTO_XCTR=m
|
||||
CONFIG_CRYPTO_XTS=y
|
||||
CONFIG_CRYPTO_NHPOLY1305=m
|
||||
@@ -6292,8 +6312,8 @@ CONFIG_CRYPTO_AEGIS128=m
|
||||
CONFIG_CRYPTO_CHACHA20POLY1305=m
|
||||
CONFIG_CRYPTO_CCM=m
|
||||
CONFIG_CRYPTO_GCM=m
|
||||
CONFIG_CRYPTO_GENIV=y
|
||||
CONFIG_CRYPTO_SEQIV=y
|
||||
CONFIG_CRYPTO_GENIV=m
|
||||
CONFIG_CRYPTO_SEQIV=m
|
||||
CONFIG_CRYPTO_ECHAINIV=m
|
||||
CONFIG_CRYPTO_ESSIV=m
|
||||
# end of AEAD (authenticated encryption with associated data) ciphers
|
||||
@@ -6350,8 +6370,8 @@ CONFIG_CRYPTO_ZSTD=y
|
||||
CONFIG_CRYPTO_ANSI_CPRNG=y
|
||||
CONFIG_CRYPTO_DRBG_MENU=y
|
||||
CONFIG_CRYPTO_DRBG_HMAC=y
|
||||
# CONFIG_CRYPTO_DRBG_HASH is not set
|
||||
# CONFIG_CRYPTO_DRBG_CTR is not set
|
||||
CONFIG_CRYPTO_DRBG_HASH=y
|
||||
CONFIG_CRYPTO_DRBG_CTR=y
|
||||
CONFIG_CRYPTO_DRBG=y
|
||||
CONFIG_CRYPTO_JITTERENTROPY=y
|
||||
CONFIG_CRYPTO_JITTERENTROPY_MEMORY_BLOCKS=64
|
||||
@@ -6396,19 +6416,19 @@ CONFIG_CRYPTO_TWOFISH_AVX_X86_64=m
|
||||
CONFIG_CRYPTO_ARIA_AESNI_AVX_X86_64=m
|
||||
CONFIG_CRYPTO_ARIA_AESNI_AVX2_X86_64=m
|
||||
CONFIG_CRYPTO_ARIA_GFNI_AVX512_X86_64=m
|
||||
CONFIG_CRYPTO_CHACHA20_X86_64=m
|
||||
CONFIG_CRYPTO_CHACHA20_X86_64=y
|
||||
CONFIG_CRYPTO_AEGIS128_AESNI_SSE2=m
|
||||
CONFIG_CRYPTO_NHPOLY1305_SSE2=m
|
||||
CONFIG_CRYPTO_NHPOLY1305_AVX2=m
|
||||
CONFIG_CRYPTO_BLAKE2S_X86=y
|
||||
CONFIG_CRYPTO_POLYVAL_CLMUL_NI=m
|
||||
CONFIG_CRYPTO_POLY1305_X86_64=m
|
||||
CONFIG_CRYPTO_POLY1305_X86_64=y
|
||||
CONFIG_CRYPTO_SHA1_SSSE3=m
|
||||
CONFIG_CRYPTO_SHA256_SSSE3=m
|
||||
CONFIG_CRYPTO_SHA512_SSSE3=m
|
||||
CONFIG_CRYPTO_SM3_AVX_X86_64=m
|
||||
CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m
|
||||
CONFIG_CRYPTO_CRC32C_INTEL=m
|
||||
CONFIG_CRYPTO_CRC32C_INTEL=y
|
||||
CONFIG_CRYPTO_CRC32_PCLMUL=m
|
||||
CONFIG_CRYPTO_CRCT10DIF_PCLMUL=m
|
||||
# end of Accelerated Cryptographic Algorithms for CPU (x86)
|
||||
@@ -6489,16 +6509,16 @@ CONFIG_CRYPTO_LIB_ARC4=m
|
||||
CONFIG_CRYPTO_LIB_GF128MUL=m
|
||||
CONFIG_CRYPTO_ARCH_HAVE_LIB_BLAKE2S=y
|
||||
CONFIG_CRYPTO_LIB_BLAKE2S_GENERIC=y
|
||||
CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA=m
|
||||
CONFIG_CRYPTO_LIB_CHACHA_GENERIC=m
|
||||
CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA=y
|
||||
CONFIG_CRYPTO_LIB_CHACHA_GENERIC=y
|
||||
CONFIG_CRYPTO_LIB_CHACHA=m
|
||||
CONFIG_CRYPTO_ARCH_HAVE_LIB_CURVE25519=m
|
||||
CONFIG_CRYPTO_LIB_CURVE25519_GENERIC=m
|
||||
CONFIG_CRYPTO_LIB_CURVE25519=m
|
||||
CONFIG_CRYPTO_LIB_DES=m
|
||||
CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11
|
||||
CONFIG_CRYPTO_ARCH_HAVE_LIB_POLY1305=m
|
||||
CONFIG_CRYPTO_LIB_POLY1305_GENERIC=m
|
||||
CONFIG_CRYPTO_ARCH_HAVE_LIB_POLY1305=y
|
||||
CONFIG_CRYPTO_LIB_POLY1305_GENERIC=y
|
||||
CONFIG_CRYPTO_LIB_POLY1305=m
|
||||
CONFIG_CRYPTO_LIB_CHACHA20POLY1305=m
|
||||
CONFIG_CRYPTO_LIB_SHA1=y
|
||||
@@ -6641,7 +6661,7 @@ CONFIG_DEBUG_INFO_NONE=y
|
||||
# CONFIG_DEBUG_INFO_DWARF4 is not set
|
||||
# CONFIG_DEBUG_INFO_DWARF5 is not set
|
||||
CONFIG_FRAME_WARN=2048
|
||||
# CONFIG_STRIP_ASM_SYMS is not set
|
||||
CONFIG_STRIP_ASM_SYMS=y
|
||||
# CONFIG_READABLE_ASM is not set
|
||||
# CONFIG_HEADERS_INSTALL is not set
|
||||
# CONFIG_DEBUG_SECTION_MISMATCH is not set
|
||||
@@ -6738,6 +6758,7 @@ CONFIG_PANIC_ON_OOPS_VALUE=0
|
||||
CONFIG_PANIC_TIMEOUT=0
|
||||
CONFIG_LOCKUP_DETECTOR=y
|
||||
CONFIG_SOFTLOCKUP_DETECTOR=y
|
||||
CONFIG_SOFTLOCKUP_DETECTOR_INTR_STORM=y
|
||||
# CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC is not set
|
||||
CONFIG_HAVE_HARDLOCKUP_DETECTOR_BUDDY=y
|
||||
CONFIG_HARDLOCKUP_DETECTOR=y
|
||||
|
||||
Reference in New Issue
Block a user