kernel: Update grsecurity configuration.

author Michael Tremer <michael.tremer@ipfire.org>

Tue, 6 Jul 2010 20:27:01 +0000 (22:27 +0200)

committer Michael Tremer <michael.tremer@ipfire.org>

Tue, 6 Jul 2010 20:27:01 +0000 (22:27 +0200)
author Michael Tremer <michael.tremer@ipfire.org>
Tue, 6 Jul 2010 20:27:01 +0000 (22:27 +0200)
committer Michael Tremer <michael.tremer@ipfire.org>
Tue, 6 Jul 2010 20:27:01 +0000 (22:27 +0200)
diff --git a/pkgs/core/kernel/config b/pkgs/core/kernel/config

index 08ddcc66de24c8dbc4c46cbbbf90d271cdb0adf0..4b6f7a549a1b7dbc1dc965335d84d787655cc28b 100644 (file)
--- a/pkgs/core/kernel/config
+++ b/pkgs/core/kernel/config
@@ -1,7 +1,7 @@
  #
  # Automatically generated make config: don't edit
  # Linux kernel version: 2.6.34
-# Sun Jul  4 22:17:32 2010
+# Tue Jul  6 20:16:45 2010
  #
  # CONFIG_64BIT is not set
  CONFIG_X86_32=y
@@ -3168,8 +3168,11 @@ CONFIG_LEDS_TRIGGER_GPIO=m
  # CONFIG_ACCESSIBILITY is not set
  # CONFIG_INFINIBAND is not set
  # CONFIG_EDAC is not set
-CONFIG_RTC_LIB=m
-CONFIG_RTC_CLASS=m
+CONFIG_RTC_LIB=y
+CONFIG_RTC_CLASS=y
+CONFIG_RTC_HCTOSYS=y
+CONFIG_RTC_HCTOSYS_DEVICE="rtc0"
+# CONFIG_RTC_DEBUG is not set
  
  #
  # RTC interfaces
@@ -3207,7 +3210,7 @@ CONFIG_RTC_DRV_RX8025=m
  #
  # Platform RTC drivers
  #
-CONFIG_RTC_DRV_CMOS=m
+CONFIG_RTC_DRV_CMOS=y
  CONFIG_RTC_DRV_DS1286=m
  CONFIG_RTC_DRV_DS1511=m
  CONFIG_RTC_DRV_DS1553=m
@@ -3387,7 +3390,6 @@ CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1"
  # Pseudo filesystems
  #
  CONFIG_PROC_FS=y
-# CONFIG_PROC_KCORE is not set
  CONFIG_PROC_SYSCTL=y
  CONFIG_SYSFS=y
  CONFIG_TMPFS=y
@@ -3582,15 +3584,15 @@ CONFIG_OPTIMIZE_INLINING=y
  CONFIG_GRKERNSEC=y
  # CONFIG_GRKERNSEC_LOW is not set
  # CONFIG_GRKERNSEC_MEDIUM is not set
-# CONFIG_GRKERNSEC_HIGH is not set
-CONFIG_GRKERNSEC_CUSTOM=y
+CONFIG_GRKERNSEC_HIGH=y
+# CONFIG_GRKERNSEC_CUSTOM is not set
  
  #
  # Address Space Protection
  #
-# CONFIG_GRKERNSEC_KMEM is not set
+CONFIG_GRKERNSEC_KMEM=y
  CONFIG_GRKERNSEC_VM86=y
-# CONFIG_GRKERNSEC_IO is not set
+CONFIG_GRKERNSEC_IO=y
  CONFIG_GRKERNSEC_PROC_MEMMAP=y
  CONFIG_GRKERNSEC_BRUTE=y
  CONFIG_GRKERNSEC_MODHARDEN=y
@@ -3607,7 +3609,11 @@ CONFIG_GRKERNSEC_ACL_TIMEOUT=30
  #
  # Filesystem Protections
  #
-# CONFIG_GRKERNSEC_PROC is not set
+CONFIG_GRKERNSEC_PROC=y
+# CONFIG_GRKERNSEC_PROC_USER is not set
+CONFIG_GRKERNSEC_PROC_USERGROUP=y
+CONFIG_GRKERNSEC_PROC_GID=1001
+CONFIG_GRKERNSEC_PROC_ADD=y
  CONFIG_GRKERNSEC_LINK=y
  CONFIG_GRKERNSEC_FIFO=y
  # CONFIG_GRKERNSEC_ROFS is not set
@@ -3632,15 +3638,15 @@ CONFIG_GRKERNSEC_CHROOT_CAPS=y
  # CONFIG_GRKERNSEC_AUDIT_GROUP is not set
  # CONFIG_GRKERNSEC_EXECLOG is not set
  CONFIG_GRKERNSEC_RESLOG=y
-CONFIG_GRKERNSEC_CHROOT_EXECLOG=y
-CONFIG_GRKERNSEC_AUDIT_PTRACE=y
+# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
+# CONFIG_GRKERNSEC_AUDIT_PTRACE is not set
  # CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
  CONFIG_GRKERNSEC_AUDIT_MOUNT=y
  CONFIG_GRKERNSEC_SIGNAL=y
  CONFIG_GRKERNSEC_FORKFAIL=y
  CONFIG_GRKERNSEC_TIME=y
  CONFIG_GRKERNSEC_PROC_IPADDR=y
-# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set
+CONFIG_GRKERNSEC_AUDIT_TEXTREL=y
  
  #
  # Executable Protections
@@ -3661,6 +3667,7 @@ CONFIG_GRKERNSEC_BLACKHOLE=y
  # Sysctl support
  #
  CONFIG_GRKERNSEC_SYSCTL=y
+# CONFIG_GRKERNSEC_SYSCTL_DISTRO is not set
  CONFIG_GRKERNSEC_SYSCTL_ON=y
  
  #
@@ -3688,7 +3695,7 @@ CONFIG_PAX_HAVE_ACL_FLAGS=y
  # Non-executable pages
  #
  CONFIG_PAX_NOEXEC=y
-# CONFIG_PAX_PAGEEXEC is not set
+CONFIG_PAX_PAGEEXEC=y
  CONFIG_PAX_SEGMEXEC=y
  CONFIG_PAX_EMUTRAMP=y
  CONFIG_PAX_MPROTECT=y
@@ -3708,7 +3715,7 @@ CONFIG_PAX_RANDMMAP=y
  # Miscellaneous hardening features
  #
  CONFIG_PAX_MEMORY_SANITIZE=y
-# CONFIG_PAX_MEMORY_UDEREF is not set
+CONFIG_PAX_MEMORY_UDEREF=y
  CONFIG_PAX_REFCOUNT=y
  CONFIG_PAX_USERCOPY=y
  # CONFIG_KEYS is not set
author	Michael Tremer <michael.tremer@ipfire.org>
	Tue, 6 Jul 2010 20:27:01 +0000 (22:27 +0200)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Tue, 6 Jul 2010 20:27:01 +0000 (22:27 +0200)