From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sun, 1 Feb 2009 16:52:04 +0000 (+0100)
Subject: Enabled grsec settings as they are on level "high".
X-Git-Tag: v3.0-alpha1~45
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=28fa6da1e708789e42dcd73570773545642a403d;p=ipfire-3.x.git

Enabled grsec settings as they are on level "high".
---

diff --git a/config/kernel/kernel.config b/config/kernel/kernel.config
index 2ae916cde..39cb26346 100644
--- a/config/kernel/kernel.config
+++ b/config/kernel/kernel.config
@@ -1,7 +1,7 @@
 #
 # Automatically generated make config: don't edit
 # Linux kernel version: 2.6.27.10
-# Thu Jan  1 16:37:22 2009
+# Sun Feb  1 16:50:44 2009
 #
 # CONFIG_64BIT is not set
 CONFIG_X86_32=y
@@ -94,8 +94,6 @@ CONFIG_SYSCTL=y
 # CONFIG_EMBEDDED is not set
 CONFIG_UID16=y
 CONFIG_SYSCTL_SYSCALL=y
-CONFIG_KALLSYMS=y
-# CONFIG_KALLSYMS_EXTRA_PASS is not set
 CONFIG_HOTPLUG=y
 CONFIG_PRINTK=y
 CONFIG_BUG=y
@@ -119,7 +117,6 @@ CONFIG_PROFILING=y
 # CONFIG_MARKERS is not set
 CONFIG_OPROFILE=y
 CONFIG_HAVE_OPROFILE=y
-# CONFIG_KPROBES is not set
 CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y
 CONFIG_HAVE_IOREMAP_PROT=y
 CONFIG_HAVE_KPROBES=y
@@ -252,11 +249,11 @@ CONFIG_MICROCODE=y
 CONFIG_MICROCODE_OLD_INTERFACE=y
 CONFIG_X86_MSR=y
 CONFIG_X86_CPUID=y
-# CONFIG_NOHIGHMEM is not set
-CONFIG_HIGHMEM4G=y
+CONFIG_NOHIGHMEM=y
+# CONFIG_HIGHMEM4G is not set
 # CONFIG_HIGHMEM64G is not set
 CONFIG_PAGE_OFFSET=0xC0000000
-CONFIG_HIGHMEM=y
+# CONFIG_X86_PAE is not set
 CONFIG_SELECT_MEMORY_MODEL=y
 CONFIG_FLATMEM_MANUAL=y
 # CONFIG_DISCONTIGMEM_MANUAL is not set
@@ -271,7 +268,6 @@ CONFIG_RESOURCES_64BIT=y
 CONFIG_ZONE_DMA_FLAG=1
 CONFIG_BOUNCE=y
 CONFIG_VIRT_TO_BUS=y
-# CONFIG_HIGHPTE is not set
 CONFIG_X86_RESERVE_LOW_64K=y
 # CONFIG_MATH_EMULATION is not set
 CONFIG_MTRR=y
@@ -287,12 +283,10 @@ CONFIG_HZ_250=y
 CONFIG_HZ=250
 CONFIG_SCHED_HRTICK=y
 # CONFIG_KEXEC is not set
-# CONFIG_CRASH_DUMP is not set
 CONFIG_PHYSICAL_START=0x200000
 # CONFIG_RELOCATABLE is not set
 CONFIG_PHYSICAL_ALIGN=0x100000
 # CONFIG_HOTPLUG_CPU is not set
-CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
 
 #
 # Power management options
@@ -2354,10 +2348,10 @@ CONFIG_GRKERNSEC_CUSTOM=y
 #
 CONFIG_GRKERNSEC_KMEM=y
 # CONFIG_GRKERNSEC_IO is not set
-# CONFIG_GRKERNSEC_PROC_MEMMAP is not set
+CONFIG_GRKERNSEC_PROC_MEMMAP=y
 CONFIG_GRKERNSEC_BRUTE=y
 CONFIG_GRKERNSEC_MODSTOP=y
-# CONFIG_GRKERNSEC_HIDESYM is not set
+CONFIG_GRKERNSEC_HIDESYM=y
 
 #
 # Role Based Access Control Options
@@ -2371,9 +2365,7 @@ CONFIG_GRKERNSEC_ACL_TIMEOUT=30
 #
 CONFIG_GRKERNSEC_PROC=y
 # CONFIG_GRKERNSEC_PROC_USER is not set
-CONFIG_GRKERNSEC_PROC_USERGROUP=y
-CONFIG_GRKERNSEC_PROC_GID=112
-# CONFIG_GRKERNSEC_PROC_ADD is not set
+# CONFIG_GRKERNSEC_PROC_USERGROUP is not set
 CONFIG_GRKERNSEC_LINK=y
 CONFIG_GRKERNSEC_FIFO=y
 CONFIG_GRKERNSEC_CHROOT=y
@@ -2381,30 +2373,31 @@ CONFIG_GRKERNSEC_CHROOT_MOUNT=y
 CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
 CONFIG_GRKERNSEC_CHROOT_PIVOT=y
 CONFIG_GRKERNSEC_CHROOT_CHDIR=y
-# CONFIG_GRKERNSEC_CHROOT_CHMOD is not set
-# CONFIG_GRKERNSEC_CHROOT_FCHDIR is not set
-# CONFIG_GRKERNSEC_CHROOT_MKNOD is not set
-# CONFIG_GRKERNSEC_CHROOT_SHMAT is not set
+CONFIG_GRKERNSEC_CHROOT_CHMOD=y
+CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
+CONFIG_GRKERNSEC_CHROOT_MKNOD=y
+CONFIG_GRKERNSEC_CHROOT_SHMAT=y
 CONFIG_GRKERNSEC_CHROOT_UNIX=y
-# CONFIG_GRKERNSEC_CHROOT_FINDTASK is not set
-# CONFIG_GRKERNSEC_CHROOT_NICE is not set
+CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
+CONFIG_GRKERNSEC_CHROOT_NICE=y
 CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
-# CONFIG_GRKERNSEC_CHROOT_CAPS is not set
+CONFIG_GRKERNSEC_CHROOT_CAPS=y
 
 #
 # Kernel Auditing
 #
 # CONFIG_GRKERNSEC_AUDIT_GROUP is not set
 # CONFIG_GRKERNSEC_EXECLOG is not set
-# CONFIG_GRKERNSEC_RESLOG is not set
+CONFIG_GRKERNSEC_RESLOG=y
 # CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
 # CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
-# CONFIG_GRKERNSEC_AUDIT_MOUNT is not set
+CONFIG_GRKERNSEC_AUDIT_MOUNT=y
 # CONFIG_GRKERNSEC_AUDIT_IPC is not set
 CONFIG_GRKERNSEC_SIGNAL=y
 CONFIG_GRKERNSEC_FORKFAIL=y
 CONFIG_GRKERNSEC_TIME=y
 CONFIG_GRKERNSEC_PROC_IPADDR=y
+# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set
 
 #
 # Executable Protections
@@ -2439,7 +2432,7 @@ CONFIG_PAX=y
 #
 # PaX Control
 #
-CONFIG_PAX_SOFTMODE=y
+# CONFIG_PAX_SOFTMODE is not set
 CONFIG_PAX_EI_PAX=y
 CONFIG_PAX_PT_PAX_FLAGS=y
 # CONFIG_PAX_NO_ACL_FLAGS is not set
@@ -2453,14 +2446,15 @@ CONFIG_PAX_NOEXEC=y
 CONFIG_PAX_PAGEEXEC=y
 CONFIG_PAX_SEGMEXEC=y
 # CONFIG_PAX_EMUTRAMP is not set
-# CONFIG_PAX_MPROTECT is not set
-# CONFIG_PAX_KERNEXEC is not set
+CONFIG_PAX_MPROTECT=y
+# CONFIG_PAX_NOELFRELOCS is not set
+CONFIG_PAX_KERNEXEC=y
 
 #
 # Address Space Layout Randomization
 #
 CONFIG_PAX_ASLR=y
-# CONFIG_PAX_RANDKSTACK is not set
+CONFIG_PAX_RANDKSTACK=y
 CONFIG_PAX_RANDUSTACK=y
 CONFIG_PAX_RANDMMAP=y
 
@@ -2468,7 +2462,7 @@ CONFIG_PAX_RANDMMAP=y
 # Miscellaneous hardening features
 #
 CONFIG_PAX_MEMORY_SANITIZE=y
-# CONFIG_PAX_MEMORY_UDEREF is not set
+CONFIG_PAX_MEMORY_UDEREF=y
 CONFIG_PAX_REFCOUNT=y
 # CONFIG_KEYS is not set
 CONFIG_SECURITY=y