Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 451310 Details for
Bug 597554
=sys-kernel/hardened-sources-4.7.6: Kernel panic when starting KVM guests
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
config-4.7.9-hardened-161024_12.diff
config-4.7.9-hardened-161024_12.diff (text/plain), 5.85 KB, created by
miro.rovis
on 2016-10-24 10:59:33 UTC
(
hide
)
Description:
config-4.7.9-hardened-161024_12.diff
Filename:
MIME Type:
Creator:
miro.rovis
Created:
2016-10-24 10:59:33 UTC
Size:
5.85 KB
patch
obsolete
>14,15c14,15 >< CONFIG_ARCH_MMAP_RND_BITS_MIN=28 >< CONFIG_ARCH_MMAP_RND_BITS_MAX=32 >--- >> CONFIG_ARCH_MMAP_RND_BITS_MIN=27 >> CONFIG_ARCH_MMAP_RND_BITS_MAX=27 >56c56 >< CONFIG_LOCALVERSION="-161024_12" >--- >> CONFIG_LOCALVERSION="-161024_09" >146d145 >< CONFIG_ARCH_SUPPORTS_INT128=y >284c283 >< CONFIG_ARCH_MMAP_RND_BITS=28 >--- >> CONFIG_ARCH_MMAP_RND_BITS=27 >532d530 >< # CONFIG_COMPAT_VDSO is not set >3728d3725 >< # CONFIG_PROC_KCORE is not set >3955,3958d3951 >< # CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set >< # CONFIG_DEBUG_LOCK_ALLOC is not set >< # CONFIG_PROVE_LOCKING is not set >< # CONFIG_LOCK_STAT is not set >3987d3979 >< # CONFIG_LATENCYTOP is not set >4092c4084,4086 >< CONFIG_TASK_SIZE_MAX_SHIFT=47 >--- >> CONFIG_PAX_PER_CPU_PGD=y >> CONFIG_TASK_SIZE_MAX_SHIFT=42 >> CONFIG_PAX_USERCOPY_SLABS=y >4114a4109 >> CONFIG_GRKERNSEC_TPE_UNTRUSTED_GID=100 >4124,4125c4119,4127 >< # CONFIG_PAX is not set >< # CONFIG_PAX_NO_ACL_FLAGS is not set >--- >> CONFIG_PAX=y >> >> # >> # PaX Control >> # >> # CONFIG_PAX_SOFTMODE is not set >> # CONFIG_PAX_PT_PAX_FLAGS is not set >> CONFIG_PAX_XATTR_PAX_FLAGS=y >> CONFIG_PAX_NO_ACL_FLAGS=y >4127a4130,4141 >> >> # >> # Non-executable pages >> # >> CONFIG_PAX_NOEXEC=y >> CONFIG_PAX_PAGEEXEC=y >> CONFIG_PAX_EMUTRAMP=y >> CONFIG_PAX_MPROTECT=y >> # CONFIG_PAX_MPROTECT_COMPAT is not set >> # CONFIG_PAX_ELFRELOCS is not set >> CONFIG_PAX_KERNEXEC=y >> CONFIG_PAX_KERNEXEC_PLUGIN=y >4129c4143 >< # CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_BTS is not set >--- >> CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_BTS=y >4132a4147,4154 >> # Address Space Layout Randomization >> # >> CONFIG_PAX_ASLR=y >> CONFIG_PAX_RANDKSTACK=y >> CONFIG_PAX_RANDUSTACK=y >> CONFIG_PAX_RANDMMAP=y >> >> # >4136,4137c4158,4159 >< # CONFIG_PAX_MEMORY_STACKLEAK is not set >< # CONFIG_PAX_MEMORY_STRUCTLEAK is not set >--- >> CONFIG_PAX_MEMORY_STACKLEAK=y >> CONFIG_PAX_MEMORY_STRUCTLEAK=y >4139,4141c4161,4166 >< # CONFIG_PAX_REFCOUNT is not set >< # CONFIG_PAX_USERCOPY is not set >< # CONFIG_PAX_SIZE_OVERFLOW is not set >--- >> CONFIG_PAX_REFCOUNT=y >> CONFIG_PAX_CONSTIFY_PLUGIN=y >> CONFIG_PAX_USERCOPY=y >> # CONFIG_PAX_USERCOPY_DEBUG is not set >> CONFIG_PAX_SIZE_OVERFLOW=y >> CONFIG_PAX_SIZE_OVERFLOW_EXTRA=y >4143,4144c4168,4169 >< # CONFIG_PAX_LATENT_ENTROPY is not set >< # CONFIG_PAX_RAP is not set >--- >> CONFIG_PAX_LATENT_ENTROPY=y >> CONFIG_PAX_RAP=y >4151,4158c4176,4186 >< # CONFIG_GRKERNSEC_BPF_HARDEN is not set >< # CONFIG_GRKERNSEC_PERF_HARDEN is not set >< # CONFIG_GRKERNSEC_KSTACKOVERFLOW is not set >< # CONFIG_GRKERNSEC_BRUTE is not set >< # CONFIG_GRKERNSEC_MODHARDEN is not set >< # CONFIG_GRKERNSEC_HIDESYM is not set >< # CONFIG_GRKERNSEC_RANDSTRUCT is not set >< # CONFIG_GRKERNSEC_KERN_LOCKOUT is not set >--- >> CONFIG_GRKERNSEC_BPF_HARDEN=y >> CONFIG_GRKERNSEC_PERF_HARDEN=y >> # CONFIG_GRKERNSEC_RAND_THREADSTACK is not set >> CONFIG_GRKERNSEC_PROC_MEMMAP=y >> CONFIG_GRKERNSEC_KSTACKOVERFLOW=y >> CONFIG_GRKERNSEC_BRUTE=y >> CONFIG_GRKERNSEC_MODHARDEN=y >> CONFIG_GRKERNSEC_HIDESYM=y >> CONFIG_GRKERNSEC_RANDSTRUCT=y >> CONFIG_GRKERNSEC_RANDSTRUCT_PERFORMANCE=y >> CONFIG_GRKERNSEC_KERN_LOCKOUT=y >4164c4192 >< # CONFIG_GRKERNSEC_ACL_HIDEKERN is not set >--- >> CONFIG_GRKERNSEC_ACL_HIDEKERN=y >4171,4175c4199,4205 >< # CONFIG_GRKERNSEC_PROC is not set >< # CONFIG_GRKERNSEC_LINK is not set >< # CONFIG_GRKERNSEC_SYMLINKOWN is not set >< # CONFIG_GRKERNSEC_FIFO is not set >< # CONFIG_GRKERNSEC_SYSFS_RESTRICT is not set >--- >> CONFIG_GRKERNSEC_PROC=y >> CONFIG_GRKERNSEC_PROC_USER=y >> CONFIG_GRKERNSEC_PROC_ADD=y >> CONFIG_GRKERNSEC_LINK=y >> CONFIG_GRKERNSEC_SYMLINKOWN=y >> CONFIG_GRKERNSEC_FIFO=y >> CONFIG_GRKERNSEC_SYSFS_RESTRICT=y >4177,4178c4207,4223 >< # CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL is not set >< # CONFIG_GRKERNSEC_CHROOT is not set >--- >> CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL=y >> CONFIG_GRKERNSEC_CHROOT=y >> CONFIG_GRKERNSEC_CHROOT_MOUNT=y >> CONFIG_GRKERNSEC_CHROOT_DOUBLE=y >> CONFIG_GRKERNSEC_CHROOT_PIVOT=y >> CONFIG_GRKERNSEC_CHROOT_CHDIR=y >> CONFIG_GRKERNSEC_CHROOT_CHMOD=y >> CONFIG_GRKERNSEC_CHROOT_FCHDIR=y >> CONFIG_GRKERNSEC_CHROOT_MKNOD=y >> CONFIG_GRKERNSEC_CHROOT_SHMAT=y >> CONFIG_GRKERNSEC_CHROOT_UNIX=y >> CONFIG_GRKERNSEC_CHROOT_FINDTASK=y >> CONFIG_GRKERNSEC_CHROOT_NICE=y >> CONFIG_GRKERNSEC_CHROOT_SYSCTL=y >> CONFIG_GRKERNSEC_CHROOT_RENAME=y >> CONFIG_GRKERNSEC_CHROOT_CAPS=y >> # CONFIG_GRKERNSEC_CHROOT_INITRD is not set >4184,4193c4229,4239 >< # CONFIG_GRKERNSEC_EXECLOG is not set >< # CONFIG_GRKERNSEC_RESLOG is not set >< # CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set >< # CONFIG_GRKERNSEC_AUDIT_PTRACE is not set >< # CONFIG_GRKERNSEC_AUDIT_CHDIR is not set >< # CONFIG_GRKERNSEC_AUDIT_MOUNT is not set >< # CONFIG_GRKERNSEC_SIGNAL is not set >< # CONFIG_GRKERNSEC_FORKFAIL is not set >< # CONFIG_GRKERNSEC_TIME is not set >< # CONFIG_GRKERNSEC_PROC_IPADDR is not set >--- >> CONFIG_GRKERNSEC_EXECLOG=y >> CONFIG_GRKERNSEC_RESLOG=y >> CONFIG_GRKERNSEC_CHROOT_EXECLOG=y >> CONFIG_GRKERNSEC_AUDIT_PTRACE=y >> CONFIG_GRKERNSEC_AUDIT_CHDIR=y >> CONFIG_GRKERNSEC_AUDIT_MOUNT=y >> CONFIG_GRKERNSEC_SIGNAL=y >> CONFIG_GRKERNSEC_FORKFAIL=y >> CONFIG_GRKERNSEC_TIME=y >> CONFIG_GRKERNSEC_PROC_IPADDR=y >> CONFIG_GRKERNSEC_RWXMAP_LOG=y >4198,4204c4244,4253 >< # CONFIG_GRKERNSEC_DMESG is not set >< # CONFIG_GRKERNSEC_HARDEN_PTRACE is not set >< # CONFIG_GRKERNSEC_PTRACE_READEXEC is not set >< # CONFIG_GRKERNSEC_SETXID is not set >< # CONFIG_GRKERNSEC_HARDEN_IPC is not set >< # CONFIG_GRKERNSEC_HARDEN_TTY is not set >< # CONFIG_GRKERNSEC_TPE is not set >--- >> CONFIG_GRKERNSEC_DMESG=y >> CONFIG_GRKERNSEC_HARDEN_PTRACE=y >> CONFIG_GRKERNSEC_PTRACE_READEXEC=y >> CONFIG_GRKERNSEC_SETXID=y >> CONFIG_GRKERNSEC_HARDEN_IPC=y >> CONFIG_GRKERNSEC_HARDEN_TTY=y >> CONFIG_GRKERNSEC_TPE=y >> CONFIG_GRKERNSEC_TPE_ALL=y >> # CONFIG_GRKERNSEC_TPE_INVERT is not set >> CONFIG_GRKERNSEC_TPE_GID=100 >4209,4210c4258,4259 >< # CONFIG_GRKERNSEC_BLACKHOLE is not set >< # CONFIG_GRKERNSEC_NO_SIMULT_CONNECT is not set >--- >> CONFIG_GRKERNSEC_BLACKHOLE=y >> CONFIG_GRKERNSEC_NO_SIMULT_CONNECT=y >4221c4270,4271 >< # CONFIG_GRKERNSEC_SYSCTL is not set >--- >> CONFIG_GRKERNSEC_SYSCTL=y >> CONFIG_GRKERNSEC_SYSCTL_ON=y
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=451310">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 597554
:
450752
|
450754
|
450756
|
450758
|
451046
|
451082
|
451296
|
451298
|
451300
| 451310 |
451314
|
451318
|
451322
|
451328
|
451342
|
451344
|
451348
|
451350
|
451352
|
451354
|
451360
|
451362
|
451364
|
451366
|
451368
|
451370
|
452712
|
452714
|
459184
|
459188
|
459190
|
459192
|
459194
|
459196
|
459214
|
459218
|
464872
|
464920
