feat: hardend
This commit is contained in:
parent
adf818b9b3
commit
f6e9ef2fac
1 changed files with 28 additions and 28 deletions
|
@ -57,7 +57,7 @@ CONFIG_POSIX_MQUEUE=y
|
|||
CONFIG_POSIX_MQUEUE_SYSCTL=y
|
||||
CONFIG_WATCH_QUEUE=y
|
||||
CONFIG_CROSS_MEMORY_ATTACH=y
|
||||
CONFIG_USELIB=y
|
||||
# CONFIG_USELIB is not set
|
||||
CONFIG_AUDIT=y
|
||||
CONFIG_HAVE_ARCH_AUDITSYSCALL=y
|
||||
CONFIG_AUDITSYSCALL=y
|
||||
|
@ -226,7 +226,7 @@ CONFIG_IPC_NS=y
|
|||
CONFIG_USER_NS=y
|
||||
CONFIG_PID_NS=y
|
||||
CONFIG_NET_NS=y
|
||||
CONFIG_CHECKPOINT_RESTORE=y
|
||||
# CONFIG_CHECKPOINT_RESTORE is not set
|
||||
CONFIG_SCHED_AUTOGROUP=y
|
||||
# CONFIG_SYSFS_DEPRECATED is not set
|
||||
CONFIG_RELAY=y
|
||||
|
@ -279,8 +279,8 @@ CONFIG_KALLSYMS_ALL=y
|
|||
CONFIG_KALLSYMS_ABSOLUTE_PERCPU=y
|
||||
CONFIG_KALLSYMS_BASE_RELATIVE=y
|
||||
CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y
|
||||
CONFIG_KCMP=y
|
||||
CONFIG_RSEQ=y
|
||||
# CONFIG_KCMP is not set
|
||||
# CONFIG_RSEQ is not set
|
||||
# CONFIG_DEBUG_RSEQ is not set
|
||||
# CONFIG_EMBEDDED is not set
|
||||
CONFIG_HAVE_PERF_EVENTS=y
|
||||
|
@ -631,7 +631,7 @@ CONFIG_DPTF_PCH_FIVR=m
|
|||
CONFIG_ACPI_WATCHDOG=y
|
||||
CONFIG_ACPI_EXTLOG=m
|
||||
CONFIG_ACPI_ADXL=y
|
||||
CONFIG_ACPI_CONFIGFS=m
|
||||
# CONFIG_ACPI_CONFIGFS is not set
|
||||
# CONFIG_ACPI_PFRUT is not set
|
||||
CONFIG_ACPI_PCC=y
|
||||
# CONFIG_ACPI_FFH is not set
|
||||
|
@ -765,7 +765,7 @@ CONFIG_KEXEC_CORE=y
|
|||
CONFIG_HAVE_IMA_KEXEC=y
|
||||
CONFIG_HOTPLUG_SMT=y
|
||||
CONFIG_GENERIC_ENTRY=y
|
||||
CONFIG_KPROBES=y
|
||||
# CONFIG_KPROBES is not set
|
||||
CONFIG_JUMP_LABEL=y
|
||||
# CONFIG_STATIC_KEYS_SELFTEST is not set
|
||||
# CONFIG_STATIC_CALL_SELFTEST is not set
|
||||
|
@ -1109,7 +1109,7 @@ CONFIG_KSM=y
|
|||
CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
|
||||
CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y
|
||||
CONFIG_MEMORY_FAILURE=y
|
||||
CONFIG_HWPOISON_INJECT=m
|
||||
# CONFIG_HWPOISON_INJECT is not set
|
||||
CONFIG_ARCH_WANT_GENERAL_HUGETLB=y
|
||||
CONFIG_ARCH_WANTS_THP_SWAP=y
|
||||
CONFIG_TRANSPARENT_HUGEPAGE=y
|
||||
|
@ -1123,7 +1123,7 @@ CONFIG_USE_PERCPU_NUMA_NODE_ID=y
|
|||
CONFIG_HAVE_SETUP_PER_CPU_AREA=y
|
||||
CONFIG_FRONTSWAP=y
|
||||
# CONFIG_CMA is not set
|
||||
CONFIG_MEM_SOFT_DIRTY=y
|
||||
# CONFIG_MEM_SOFT_DIRTY is not set
|
||||
CONFIG_GENERIC_EARLY_IOREMAP=y
|
||||
# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set
|
||||
CONFIG_PAGE_IDLE_FLAG=y
|
||||
|
@ -1148,7 +1148,7 @@ CONFIG_ARCH_HAS_PTE_SPECIAL=y
|
|||
CONFIG_MAPPING_DIRTY_HELPERS=y
|
||||
CONFIG_SECRETMEM=y
|
||||
# CONFIG_ANON_VMA_NAME is not set
|
||||
CONFIG_USERFAULTFD=y
|
||||
# CONFIG_USERFAULTFD is not set
|
||||
CONFIG_HAVE_ARCH_USERFAULTFD_WP=y
|
||||
CONFIG_HAVE_ARCH_USERFAULTFD_MINOR=y
|
||||
CONFIG_PTE_MARKER_UFFD_WP=y
|
||||
|
@ -2373,7 +2373,7 @@ CONFIG_EFI_DXE_MEM_ATTRIBUTES=y
|
|||
CONFIG_EFI_RUNTIME_WRAPPERS=y
|
||||
CONFIG_EFI_BOOTLOADER_CONTROL=m
|
||||
CONFIG_EFI_CAPSULE_LOADER=m
|
||||
CONFIG_EFI_TEST=m
|
||||
# CONFIG_EFI_TEST is not set
|
||||
CONFIG_EFI_DEV_PATH_PARSER=y
|
||||
CONFIG_APPLE_PROPERTIES=y
|
||||
CONFIG_RESET_ATTACK_MITIGATION=y
|
||||
|
@ -2492,8 +2492,8 @@ CONFIG_MTD_DATAFLASH_OTP=y
|
|||
CONFIG_MTD_MCHP23K256=m
|
||||
CONFIG_MTD_MCHP48L640=m
|
||||
CONFIG_MTD_SST25L=m
|
||||
CONFIG_MTD_SLRAM=m
|
||||
CONFIG_MTD_PHRAM=m
|
||||
# CONFIG_MTD_SLRAM is not set
|
||||
# CONFIG_MTD_PHRAM is not set
|
||||
CONFIG_MTD_MTDRAM=m
|
||||
CONFIG_MTDRAM_TOTAL_SIZE=4096
|
||||
CONFIG_MTDRAM_ERASE_SIZE=128
|
||||
|
@ -2589,7 +2589,7 @@ CONFIG_PNP=y
|
|||
CONFIG_PNPACPI=y
|
||||
CONFIG_BLK_DEV=y
|
||||
CONFIG_BLK_DEV_NULL_BLK=m
|
||||
CONFIG_BLK_DEV_FD=m
|
||||
# CONFIG_BLK_DEV_FD is not set
|
||||
# CONFIG_BLK_DEV_FD_RAWCMD is not set
|
||||
CONFIG_CDROM=y
|
||||
CONFIG_PARIDE=m
|
||||
|
@ -4656,7 +4656,7 @@ CONFIG_IPWIRELESS=m
|
|||
CONFIG_MWAVE=m
|
||||
# CONFIG_DEVMEM is not set
|
||||
CONFIG_NVRAM=m
|
||||
CONFIG_DEVPORT=y
|
||||
# CONFIG_DEVPORT is not set
|
||||
CONFIG_HPET=y
|
||||
CONFIG_HPET_MMAP=y
|
||||
CONFIG_HPET_MMAP_DEFAULT=y
|
||||
|
@ -10584,10 +10584,10 @@ CONFIG_NTFS3_FS_POSIX_ACL=y
|
|||
#
|
||||
CONFIG_PROC_FS=y
|
||||
# CONFIG_PROC_KCORE is not set
|
||||
CONFIG_PROC_VMCORE=y
|
||||
# CONFIG_PROC_VMCORE is not set
|
||||
CONFIG_PROC_VMCORE_DEVICE_DUMP=y
|
||||
CONFIG_PROC_SYSCTL=y
|
||||
CONFIG_PROC_PAGE_MONITOR=y
|
||||
# CONFIG_PROC_PAGE_MONITOR is not set
|
||||
CONFIG_PROC_CHILDREN=y
|
||||
CONFIG_PROC_PID_ARCH_STATUS=y
|
||||
CONFIG_PROC_CPU_RESCTRL=y
|
||||
|
@ -10754,7 +10754,7 @@ CONFIG_SUNRPC_BACKCHANNEL=y
|
|||
CONFIG_SUNRPC_SWAP=y
|
||||
CONFIG_RPCSEC_GSS_KRB5=m
|
||||
CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES=y
|
||||
CONFIG_SUNRPC_DEBUG=y
|
||||
# CONFIG_SUNRPC_DEBUG is not set
|
||||
CONFIG_SUNRPC_XPRT_RDMA=m
|
||||
CONFIG_CEPH_FS=m
|
||||
CONFIG_CEPH_FSCACHE=y
|
||||
|
@ -11474,8 +11474,8 @@ CONFIG_MAGIC_SYSRQ=y
|
|||
CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x01b6
|
||||
CONFIG_MAGIC_SYSRQ_SERIAL=y
|
||||
CONFIG_MAGIC_SYSRQ_SERIAL_SEQUENCE=""
|
||||
CONFIG_DEBUG_FS=y
|
||||
CONFIG_DEBUG_FS_ALLOW_ALL=y
|
||||
# CONFIG_DEBUG_FS is not set
|
||||
# CONFIG_DEBUG_FS_ALLOW_ALL is not set
|
||||
# CONFIG_DEBUG_FS_DISALLOW_MOUNT is not set
|
||||
# CONFIG_DEBUG_FS_ALLOW_NONE is not set
|
||||
CONFIG_HAVE_ARCH_KGDB=y
|
||||
|
@ -11674,11 +11674,11 @@ CONFIG_RING_BUFFER=y
|
|||
CONFIG_EVENT_TRACING=y
|
||||
CONFIG_CONTEXT_SWITCH_TRACER=y
|
||||
CONFIG_TRACING=y
|
||||
CONFIG_GENERIC_TRACER=y
|
||||
# CONFIG_GENERIC_TRACER is not set
|
||||
CONFIG_TRACING_SUPPORT=y
|
||||
CONFIG_FTRACE=y
|
||||
CONFIG_BOOTTIME_TRACING=y
|
||||
CONFIG_FUNCTION_TRACER=y
|
||||
# CONFIG_FUNCTION_TRACER is not set
|
||||
CONFIG_FUNCTION_GRAPH_TRACER=y
|
||||
CONFIG_DYNAMIC_FTRACE=y
|
||||
CONFIG_DYNAMIC_FTRACE_WITH_REGS=y
|
||||
|
@ -11686,7 +11686,7 @@ CONFIG_DYNAMIC_FTRACE_WITH_DIRECT_CALLS=y
|
|||
CONFIG_DYNAMIC_FTRACE_WITH_ARGS=y
|
||||
# CONFIG_FPROBE is not set
|
||||
CONFIG_FUNCTION_PROFILER=y
|
||||
CONFIG_STACK_TRACER=y
|
||||
# CONFIG_STACK_TRACER is not set
|
||||
# CONFIG_IRQSOFF_TRACER is not set
|
||||
# CONFIG_PREEMPT_TRACER is not set
|
||||
CONFIG_SCHED_TRACER=y
|
||||
|
@ -11699,10 +11699,10 @@ CONFIG_TRACER_SNAPSHOT=y
|
|||
# CONFIG_TRACER_SNAPSHOT_PER_CPU_SWAP is not set
|
||||
CONFIG_BRANCH_PROFILE_NONE=y
|
||||
# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set
|
||||
CONFIG_BLK_DEV_IO_TRACE=y
|
||||
CONFIG_KPROBE_EVENTS=y
|
||||
# CONFIG_BLK_DEV_IO_TRACE is not set
|
||||
# CONFIG_KPROBE_EVENTS is not set
|
||||
# CONFIG_KPROBE_EVENTS_ON_NOTRACE is not set
|
||||
CONFIG_UPROBE_EVENTS=y
|
||||
# CONFIG_UPROBE_EVENTS is not set
|
||||
CONFIG_BPF_EVENTS=y
|
||||
CONFIG_DYNAMIC_EVENTS=y
|
||||
CONFIG_PROBE_EVENTS=y
|
||||
|
@ -11711,7 +11711,7 @@ CONFIG_FTRACE_MCOUNT_RECORD=y
|
|||
CONFIG_FTRACE_MCOUNT_USE_CC=y
|
||||
CONFIG_TRACING_MAP=y
|
||||
CONFIG_SYNTH_EVENTS=y
|
||||
CONFIG_HIST_TRIGGERS=y
|
||||
# CONFIG_HIST_TRIGGERS is not set
|
||||
CONFIG_TRACE_EVENT_INJECT=y
|
||||
# CONFIG_TRACEPOINT_BENCHMARK is not set
|
||||
# CONFIG_RING_BUFFER_BENCHMARK is not set
|
||||
|
@ -11777,7 +11777,7 @@ CONFIG_IO_DELAY_0XED=y
|
|||
# CONFIG_DEBUG_ENTRY is not set
|
||||
# CONFIG_DEBUG_NMI_SELFTEST is not set
|
||||
CONFIG_X86_DEBUG_FPU=y
|
||||
CONFIG_PUNIT_ATOM_DEBUG=m
|
||||
# CONFIG_PUNIT_ATOM_DEBUG is not set
|
||||
# CONFIG_UNWINDER_ORC is not set
|
||||
CONFIG_UNWINDER_FRAME_POINTER=y
|
||||
# end of x86 Debugging
|
||||
|
@ -11786,7 +11786,7 @@ CONFIG_UNWINDER_FRAME_POINTER=y
|
|||
# Kernel Testing and Coverage
|
||||
#
|
||||
# CONFIG_KUNIT is not set
|
||||
CONFIG_NOTIFIER_ERROR_INJECTION=m
|
||||
# CONFIG_NOTIFIER_ERROR_INJECTION is not set
|
||||
CONFIG_PM_NOTIFIER_ERROR_INJECT=m
|
||||
# CONFIG_NETDEV_NOTIFIER_ERROR_INJECT is not set
|
||||
CONFIG_FUNCTION_ERROR_INJECTION=y
|
||||
|
|
Reference in a new issue