From 11e6eeee4a479d58f3f26a955dbfc0a7946a7af4 Mon Sep 17 00:00:00 2001 From: inference Date: Thu, 6 Oct 2022 01:54:35 +0100 Subject: [PATCH] Set default hostname to AA000-0. Enable CPU RDRAND. Enable initialising kernel stack variables at function entry. Enable poisoning kernel stack before returning from syscalls. Enable register zeroing on function exit. Disable Kernel Self Protection Project recommendations. --- linux/.config | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/linux/.config b/linux/.config index 8c7c1ab..da96463 100644 --- a/linux/.config +++ b/linux/.config @@ -28,7 +28,7 @@ CONFIG_THREAD_INFO_IN_TASK=y CONFIG_INIT_ENV_ARG_LIMIT=32 # CONFIG_COMPILE_TEST is not set CONFIG_WERROR=y -CONFIG_LOCALVERSION="-inferencium-AA000-0-0.5.0.8" +CONFIG_LOCALVERSION="-inferencium-AA000-0-0.6.1.13" # CONFIG_LOCALVERSION_AUTO is not set CONFIG_BUILD_SALT="" CONFIG_HAVE_KERNEL_GZIP=y @@ -46,7 +46,7 @@ CONFIG_HAVE_KERNEL_ZSTD=y # CONFIG_KERNEL_LZ4 is not set CONFIG_KERNEL_ZSTD=y CONFIG_DEFAULT_INIT="" -CONFIG_DEFAULT_HOSTNAME="(none)" +CONFIG_DEFAULT_HOSTNAME="AA000-0" CONFIG_SWAP=y CONFIG_SYSVIPC=y CONFIG_SYSVIPC_SYSCTL=y @@ -1955,7 +1955,7 @@ CONFIG_TCG_CRB=y # CONFIG_TELCLOCK is not set # CONFIG_XILLYBUS is not set # CONFIG_XILLYUSB is not set -# CONFIG_RANDOM_TRUST_CPU is not set +CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RANDOM_TRUST_BOOTLOADER is not set # end of Character devices @@ -3678,11 +3678,12 @@ CONFIG_LSM_MMAP_MIN_ADDR=65536 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y CONFIG_HARDENED_USERCOPY=y CONFIG_HARDENED_USERCOPY_FALLBACK=y -CONFIG_FORTIFY_SOURCE=y +# CONFIG_FORTIFY_SOURCE is not set CONFIG_STATIC_USERMODEHELPER=y CONFIG_STATIC_USERMODEHELPER_PATH="/sbin/usermode-helper" CONFIG_SECURITY_SELINUX=y CONFIG_SECURITY_SELINUX_BOOTPARAM=y +# CONFIG_SECURITY_SELINUX_DISABLE is not set CONFIG_SECURITY_SELINUX_DEVELOP=y CONFIG_SECURITY_SELINUX_AVC_STATS=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 @@ -3736,7 +3737,7 @@ CONFIG_GCC_PLUGIN_STRUCTLEAK=y # CONFIG_GCC_PLUGIN_STRUCTLEAK_USER is not set # CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF is not set CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y -CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE=y +# CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE is not set CONFIG_GCC_PLUGIN_STACKLEAK=y CONFIG_STACKLEAK_TRACK_MIN_SIZE=100 # CONFIG_STACKLEAK_METRICS is not set @@ -4244,6 +4245,7 @@ CONFIG_FTRACE=y # CONFIG_TRACER_SNAPSHOT is not set CONFIG_BRANCH_PROFILE_NONE=y # CONFIG_PROFILE_ANNOTATED_BRANCHES is not set +# CONFIG_PROFILE_ALL_BRANCHES is not set CONFIG_BLK_DEV_IO_TRACE=y CONFIG_KPROBE_EVENTS=y CONFIG_UPROBE_EVENTS=y @@ -4313,6 +4315,6 @@ CONFIG_GENTOO_LINUX_INIT_SCRIPT=y # CONFIG_GENTOO_LINUX_INIT_SYSTEMD is not set # end of Support for init systems, system and service managers -CONFIG_GENTOO_KERNEL_SELF_PROTECTION=y +# CONFIG_GENTOO_KERNEL_SELF_PROTECTION is not set CONFIG_GENTOO_PRINT_FIRMWARE_INFO=y # end of Gentoo Linux