kernel security changes for xeon

This commit is contained in:
Kolan Sh 2013-09-06 17:35:48 +04:00
parent 12f588017d
commit 9205a1550b
1 changed files with 14 additions and 9 deletions

View File

@ -1,6 +1,6 @@
# #
# Automatically generated file; DO NOT EDIT. # Automatically generated file; DO NOT EDIT.
# Linux/x86 3.10.4-hardened-r2 Kernel Configuration # Linux/x86 3.10.9-hardened-r1 Kernel Configuration
# #
CONFIG_64BIT=y CONFIG_64BIT=y
CONFIG_X86_64=y CONFIG_X86_64=y
@ -2696,8 +2696,8 @@ CONFIG_PAX=y
# CONFIG_PAX_SOFTMODE is not set # CONFIG_PAX_SOFTMODE is not set
CONFIG_PAX_PT_PAX_FLAGS=y CONFIG_PAX_PT_PAX_FLAGS=y
# CONFIG_PAX_XATTR_PAX_FLAGS is not set # CONFIG_PAX_XATTR_PAX_FLAGS is not set
# CONFIG_PAX_NO_ACL_FLAGS is not set CONFIG_PAX_NO_ACL_FLAGS=y
CONFIG_PAX_HAVE_ACL_FLAGS=y # CONFIG_PAX_HAVE_ACL_FLAGS is not set
# CONFIG_PAX_HOOK_ACL_FLAGS is not set # CONFIG_PAX_HOOK_ACL_FLAGS is not set
# #
@ -2727,22 +2727,22 @@ CONFIG_PAX_RANDMMAP=y
# #
CONFIG_PAX_MEMORY_SANITIZE=y CONFIG_PAX_MEMORY_SANITIZE=y
CONFIG_PAX_MEMORY_STACKLEAK=y CONFIG_PAX_MEMORY_STACKLEAK=y
# CONFIG_PAX_MEMORY_STRUCTLEAK is not set CONFIG_PAX_MEMORY_STRUCTLEAK=y
CONFIG_PAX_MEMORY_UDEREF=y CONFIG_PAX_MEMORY_UDEREF=y
CONFIG_PAX_REFCOUNT=y CONFIG_PAX_REFCOUNT=y
CONFIG_PAX_CONSTIFY_PLUGIN=y CONFIG_PAX_CONSTIFY_PLUGIN=y
CONFIG_PAX_USERCOPY=y CONFIG_PAX_USERCOPY=y
# CONFIG_PAX_USERCOPY_DEBUG is not set # CONFIG_PAX_USERCOPY_DEBUG is not set
CONFIG_PAX_SIZE_OVERFLOW=y CONFIG_PAX_SIZE_OVERFLOW=y
# CONFIG_PAX_LATENT_ENTROPY is not set CONFIG_PAX_LATENT_ENTROPY=y
# #
# Memory Protections # Memory Protections
# #
CONFIG_GRKERNSEC_KMEM=y CONFIG_GRKERNSEC_KMEM=y
CONFIG_GRKERNSEC_IO=y CONFIG_GRKERNSEC_IO=y
# CONFIG_GRKERNSEC_PERF_HARDEN is not set CONFIG_GRKERNSEC_PERF_HARDEN=y
# CONFIG_GRKERNSEC_RAND_THREADSTACK is not set CONFIG_GRKERNSEC_RAND_THREADSTACK=y
CONFIG_GRKERNSEC_PROC_MEMMAP=y CONFIG_GRKERNSEC_PROC_MEMMAP=y
CONFIG_GRKERNSEC_BRUTE=y CONFIG_GRKERNSEC_BRUTE=y
CONFIG_GRKERNSEC_MODHARDEN=y CONFIG_GRKERNSEC_MODHARDEN=y
@ -2766,7 +2766,7 @@ CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_FIFO=y CONFIG_GRKERNSEC_FIFO=y
# CONFIG_GRKERNSEC_SYSFS_RESTRICT is not set # CONFIG_GRKERNSEC_SYSFS_RESTRICT is not set
CONFIG_GRKERNSEC_ROFS=y CONFIG_GRKERNSEC_ROFS=y
# CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL is not set CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL=y
CONFIG_GRKERNSEC_CHROOT=y CONFIG_GRKERNSEC_CHROOT=y
CONFIG_GRKERNSEC_CHROOT_MOUNT=y CONFIG_GRKERNSEC_CHROOT_MOUNT=y
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
@ -2812,9 +2812,14 @@ CONFIG_GRKERNSEC_SETXID=y
# #
CONFIG_GRKERNSEC_RANDNET=y CONFIG_GRKERNSEC_RANDNET=y
CONFIG_GRKERNSEC_BLACKHOLE=y CONFIG_GRKERNSEC_BLACKHOLE=y
# CONFIG_GRKERNSEC_NO_SIMULT_CONNECT is not set CONFIG_GRKERNSEC_NO_SIMULT_CONNECT=y
# CONFIG_GRKERNSEC_SOCKET is not set # CONFIG_GRKERNSEC_SOCKET is not set
#
# Physical Protections
#
# CONFIG_GRKERNSEC_DENYUSB is not set
# #
# Sysctl Support # Sysctl Support
# #