kernel security changes for xeon
This commit is contained in:
parent
12f588017d
commit
9205a1550b
23
.config.xeon
23
.config.xeon
|
@ -1,6 +1,6 @@
|
||||||
#
|
#
|
||||||
# Automatically generated file; DO NOT EDIT.
|
# Automatically generated file; DO NOT EDIT.
|
||||||
# Linux/x86 3.10.4-hardened-r2 Kernel Configuration
|
# Linux/x86 3.10.9-hardened-r1 Kernel Configuration
|
||||||
#
|
#
|
||||||
CONFIG_64BIT=y
|
CONFIG_64BIT=y
|
||||||
CONFIG_X86_64=y
|
CONFIG_X86_64=y
|
||||||
|
@ -2696,8 +2696,8 @@ CONFIG_PAX=y
|
||||||
# CONFIG_PAX_SOFTMODE is not set
|
# CONFIG_PAX_SOFTMODE is not set
|
||||||
CONFIG_PAX_PT_PAX_FLAGS=y
|
CONFIG_PAX_PT_PAX_FLAGS=y
|
||||||
# CONFIG_PAX_XATTR_PAX_FLAGS is not set
|
# CONFIG_PAX_XATTR_PAX_FLAGS is not set
|
||||||
# CONFIG_PAX_NO_ACL_FLAGS is not set
|
CONFIG_PAX_NO_ACL_FLAGS=y
|
||||||
CONFIG_PAX_HAVE_ACL_FLAGS=y
|
# CONFIG_PAX_HAVE_ACL_FLAGS is not set
|
||||||
# CONFIG_PAX_HOOK_ACL_FLAGS is not set
|
# CONFIG_PAX_HOOK_ACL_FLAGS is not set
|
||||||
|
|
||||||
#
|
#
|
||||||
|
@ -2727,22 +2727,22 @@ CONFIG_PAX_RANDMMAP=y
|
||||||
#
|
#
|
||||||
CONFIG_PAX_MEMORY_SANITIZE=y
|
CONFIG_PAX_MEMORY_SANITIZE=y
|
||||||
CONFIG_PAX_MEMORY_STACKLEAK=y
|
CONFIG_PAX_MEMORY_STACKLEAK=y
|
||||||
# CONFIG_PAX_MEMORY_STRUCTLEAK is not set
|
CONFIG_PAX_MEMORY_STRUCTLEAK=y
|
||||||
CONFIG_PAX_MEMORY_UDEREF=y
|
CONFIG_PAX_MEMORY_UDEREF=y
|
||||||
CONFIG_PAX_REFCOUNT=y
|
CONFIG_PAX_REFCOUNT=y
|
||||||
CONFIG_PAX_CONSTIFY_PLUGIN=y
|
CONFIG_PAX_CONSTIFY_PLUGIN=y
|
||||||
CONFIG_PAX_USERCOPY=y
|
CONFIG_PAX_USERCOPY=y
|
||||||
# CONFIG_PAX_USERCOPY_DEBUG is not set
|
# CONFIG_PAX_USERCOPY_DEBUG is not set
|
||||||
CONFIG_PAX_SIZE_OVERFLOW=y
|
CONFIG_PAX_SIZE_OVERFLOW=y
|
||||||
# CONFIG_PAX_LATENT_ENTROPY is not set
|
CONFIG_PAX_LATENT_ENTROPY=y
|
||||||
|
|
||||||
#
|
#
|
||||||
# Memory Protections
|
# Memory Protections
|
||||||
#
|
#
|
||||||
CONFIG_GRKERNSEC_KMEM=y
|
CONFIG_GRKERNSEC_KMEM=y
|
||||||
CONFIG_GRKERNSEC_IO=y
|
CONFIG_GRKERNSEC_IO=y
|
||||||
# CONFIG_GRKERNSEC_PERF_HARDEN is not set
|
CONFIG_GRKERNSEC_PERF_HARDEN=y
|
||||||
# CONFIG_GRKERNSEC_RAND_THREADSTACK is not set
|
CONFIG_GRKERNSEC_RAND_THREADSTACK=y
|
||||||
CONFIG_GRKERNSEC_PROC_MEMMAP=y
|
CONFIG_GRKERNSEC_PROC_MEMMAP=y
|
||||||
CONFIG_GRKERNSEC_BRUTE=y
|
CONFIG_GRKERNSEC_BRUTE=y
|
||||||
CONFIG_GRKERNSEC_MODHARDEN=y
|
CONFIG_GRKERNSEC_MODHARDEN=y
|
||||||
|
@ -2766,7 +2766,7 @@ CONFIG_GRKERNSEC_LINK=y
|
||||||
CONFIG_GRKERNSEC_FIFO=y
|
CONFIG_GRKERNSEC_FIFO=y
|
||||||
# CONFIG_GRKERNSEC_SYSFS_RESTRICT is not set
|
# CONFIG_GRKERNSEC_SYSFS_RESTRICT is not set
|
||||||
CONFIG_GRKERNSEC_ROFS=y
|
CONFIG_GRKERNSEC_ROFS=y
|
||||||
# CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL is not set
|
CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL=y
|
||||||
CONFIG_GRKERNSEC_CHROOT=y
|
CONFIG_GRKERNSEC_CHROOT=y
|
||||||
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
|
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
|
||||||
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
|
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
|
||||||
|
@ -2812,9 +2812,14 @@ CONFIG_GRKERNSEC_SETXID=y
|
||||||
#
|
#
|
||||||
CONFIG_GRKERNSEC_RANDNET=y
|
CONFIG_GRKERNSEC_RANDNET=y
|
||||||
CONFIG_GRKERNSEC_BLACKHOLE=y
|
CONFIG_GRKERNSEC_BLACKHOLE=y
|
||||||
# CONFIG_GRKERNSEC_NO_SIMULT_CONNECT is not set
|
CONFIG_GRKERNSEC_NO_SIMULT_CONNECT=y
|
||||||
# CONFIG_GRKERNSEC_SOCKET is not set
|
# CONFIG_GRKERNSEC_SOCKET is not set
|
||||||
|
|
||||||
|
#
|
||||||
|
# Physical Protections
|
||||||
|
#
|
||||||
|
# CONFIG_GRKERNSEC_DENYUSB is not set
|
||||||
|
|
||||||
#
|
#
|
||||||
# Sysctl Support
|
# Sysctl Support
|
||||||
#
|
#
|
||||||
|
|
Loading…
Reference in New Issue