From: Michael Tremer Date: Tue, 6 Jul 2010 20:27:01 +0000 (+0200) Subject: kernel: Update grsecurity configuration. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c22c4d8e33c55d28894a0d9feb16c2fc447c2708;p=ipfire-3.x.git kernel: Update grsecurity configuration. --- diff --git a/pkgs/core/kernel/config b/pkgs/core/kernel/config index 08ddcc66d..4b6f7a549 100644 --- a/pkgs/core/kernel/config +++ b/pkgs/core/kernel/config @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.34 -# Sun Jul 4 22:17:32 2010 +# Tue Jul 6 20:16:45 2010 # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -3168,8 +3168,11 @@ CONFIG_LEDS_TRIGGER_GPIO=m # CONFIG_ACCESSIBILITY is not set # CONFIG_INFINIBAND is not set # CONFIG_EDAC is not set -CONFIG_RTC_LIB=m -CONFIG_RTC_CLASS=m +CONFIG_RTC_LIB=y +CONFIG_RTC_CLASS=y +CONFIG_RTC_HCTOSYS=y +CONFIG_RTC_HCTOSYS_DEVICE="rtc0" +# CONFIG_RTC_DEBUG is not set # # RTC interfaces @@ -3207,7 +3210,7 @@ CONFIG_RTC_DRV_RX8025=m # # Platform RTC drivers # -CONFIG_RTC_DRV_CMOS=m +CONFIG_RTC_DRV_CMOS=y CONFIG_RTC_DRV_DS1286=m CONFIG_RTC_DRV_DS1511=m CONFIG_RTC_DRV_DS1553=m @@ -3387,7 +3390,6 @@ CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1" # Pseudo filesystems # CONFIG_PROC_FS=y -# CONFIG_PROC_KCORE is not set CONFIG_PROC_SYSCTL=y CONFIG_SYSFS=y CONFIG_TMPFS=y @@ -3582,15 +3584,15 @@ CONFIG_OPTIMIZE_INLINING=y CONFIG_GRKERNSEC=y # CONFIG_GRKERNSEC_LOW is not set # CONFIG_GRKERNSEC_MEDIUM is not set -# CONFIG_GRKERNSEC_HIGH is not set -CONFIG_GRKERNSEC_CUSTOM=y +CONFIG_GRKERNSEC_HIGH=y +# CONFIG_GRKERNSEC_CUSTOM is not set # # Address Space Protection # -# CONFIG_GRKERNSEC_KMEM is not set +CONFIG_GRKERNSEC_KMEM=y CONFIG_GRKERNSEC_VM86=y -# CONFIG_GRKERNSEC_IO is not set +CONFIG_GRKERNSEC_IO=y CONFIG_GRKERNSEC_PROC_MEMMAP=y CONFIG_GRKERNSEC_BRUTE=y CONFIG_GRKERNSEC_MODHARDEN=y @@ -3607,7 +3609,11 @@ CONFIG_GRKERNSEC_ACL_TIMEOUT=30 # # Filesystem Protections # -# CONFIG_GRKERNSEC_PROC is not set +CONFIG_GRKERNSEC_PROC=y +# CONFIG_GRKERNSEC_PROC_USER is not set +CONFIG_GRKERNSEC_PROC_USERGROUP=y +CONFIG_GRKERNSEC_PROC_GID=1001 +CONFIG_GRKERNSEC_PROC_ADD=y CONFIG_GRKERNSEC_LINK=y CONFIG_GRKERNSEC_FIFO=y # CONFIG_GRKERNSEC_ROFS is not set @@ -3632,15 +3638,15 @@ CONFIG_GRKERNSEC_CHROOT_CAPS=y # CONFIG_GRKERNSEC_AUDIT_GROUP is not set # CONFIG_GRKERNSEC_EXECLOG is not set CONFIG_GRKERNSEC_RESLOG=y -CONFIG_GRKERNSEC_CHROOT_EXECLOG=y -CONFIG_GRKERNSEC_AUDIT_PTRACE=y +# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set +# CONFIG_GRKERNSEC_AUDIT_PTRACE is not set # CONFIG_GRKERNSEC_AUDIT_CHDIR is not set CONFIG_GRKERNSEC_AUDIT_MOUNT=y CONFIG_GRKERNSEC_SIGNAL=y CONFIG_GRKERNSEC_FORKFAIL=y CONFIG_GRKERNSEC_TIME=y CONFIG_GRKERNSEC_PROC_IPADDR=y -# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set +CONFIG_GRKERNSEC_AUDIT_TEXTREL=y # # Executable Protections @@ -3661,6 +3667,7 @@ CONFIG_GRKERNSEC_BLACKHOLE=y # Sysctl support # CONFIG_GRKERNSEC_SYSCTL=y +# CONFIG_GRKERNSEC_SYSCTL_DISTRO is not set CONFIG_GRKERNSEC_SYSCTL_ON=y # @@ -3688,7 +3695,7 @@ CONFIG_PAX_HAVE_ACL_FLAGS=y # Non-executable pages # CONFIG_PAX_NOEXEC=y -# CONFIG_PAX_PAGEEXEC is not set +CONFIG_PAX_PAGEEXEC=y CONFIG_PAX_SEGMEXEC=y CONFIG_PAX_EMUTRAMP=y CONFIG_PAX_MPROTECT=y @@ -3708,7 +3715,7 @@ CONFIG_PAX_RANDMMAP=y # Miscellaneous hardening features # CONFIG_PAX_MEMORY_SANITIZE=y -# CONFIG_PAX_MEMORY_UDEREF is not set +CONFIG_PAX_MEMORY_UDEREF=y CONFIG_PAX_REFCOUNT=y CONFIG_PAX_USERCOPY=y # CONFIG_KEYS is not set