Gentoo's Bugzilla – Attachment 366464 Details for
Bug 495244
=sys-kernel/hardened-sources-3.12.6 fails to boot with RLIMIt_STACK
[patch]
diff_harden_vanilla
file_495244.txt (text/plain), 8.16 KB, created by
Vadim A. Misbakh-Soloviov (mva)
on 2013-12-29 17:52:10 UTC
Description:
diff_harden_vanilla
Filename:
MIME Type:
Creator:
Vadim A. Misbakh-Soloviov (mva)
Created:
2013-12-29 17:52:10 UTC
Size:
8.16 KB
patch
obsolete
>--- linux-3.12.6/.config 2013-12-29 19:00:33.834921351 +0400
>+++ linux-3.12.6-hardened-r2/.config 2013-12-29 21:45:32.646044784 +0400
>@@ -159,7 +159,6 @@ CONFIG_CFS_BANDWIDTH=y
> CONFIG_RT_GROUP_SCHED=y
> CONFIG_BLK_CGROUP=y
> # CONFIG_DEBUG_BLK_CGROUP is not set
>-# CONFIG_CHECKPOINT_RESTORE is not set
> CONFIG_NAMESPACES=y
> CONFIG_UTS_NS=y
> CONFIG_IPC_NS=y
>@@ -374,6 +373,7 @@ CONFIG_MCORE2=y
> # CONFIG_GENERIC_CPU is not set
> CONFIG_X86_INTERNODE_CACHE_SHIFT=6
> CONFIG_X86_L1_CACHE_SHIFT=6
>+CONFIG_X86_ALIGNMENT_16=y
> CONFIG_X86_INTEL_USERCOPY=y
> CONFIG_X86_USE_PPRO_CHECKSUM=y
> CONFIG_X86_P6_NOP=y
>@@ -466,7 +466,6 @@ CONFIG_KSM=y
> CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
> CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y
> CONFIG_MEMORY_FAILURE=y
>-# CONFIG_HWPOISON_INJECT is not set
> CONFIG_TRANSPARENT_HUGEPAGE=y
> CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS=y
> # CONFIG_TRANSPARENT_HUGEPAGE_MADVISE is not set
>@@ -505,7 +504,6 @@ CONFIG_PHYSICAL_ALIGN=0x1000000
> CONFIG_HOTPLUG_CPU=y
> # CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set
> # CONFIG_DEBUG_HOTPLUG_CPU0 is not set
>-CONFIG_COMPAT_VDSO=y
> # CONFIG_CMDLINE_BOOL is not set
> CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
> CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y
>@@ -888,6 +886,7 @@ CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y
> CONFIG_NETFILTER_XT_MATCH_DSCP=y
> CONFIG_NETFILTER_XT_MATCH_ECN=y
> CONFIG_NETFILTER_XT_MATCH_ESP=y
>+CONFIG_NETFILTER_XT_MATCH_GRADM=y
> CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y
> CONFIG_NETFILTER_XT_MATCH_HELPER=y
> CONFIG_NETFILTER_XT_MATCH_HL=y
>@@ -1733,7 +1732,12 @@ CONFIG_DEVPTS_MULTIPLE_INSTANCES=y
> # CONFIG_NOZOMI is not set
> # CONFIG_N_GSM is not set
> # CONFIG_TRACE_SINK is not set
>-CONFIG_DEVKMEM=y
>+
>+#
>+# KCopy
>+#
>+CONFIG_KCOPY=y
>+# CONFIG_DEVKMEM is not set
>
> #
> # Serial drivers
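Review bot: `CONFIG_KCOPY=y` in the hunk at -1733 builds in a facility the vanilla config did not have, in the same hunk that switches `/dev/kmem` off with `# CONFIG_DEVKMEM is not set`. KCopy presumably comes from the distribution patch set rather than from grsecurity and, as far as I know, provides kernel-assisted memory copies between processes; if nothing on this host needs it, `# CONFIG_KCOPY is not set` keeps the memory-access surface as small as the DEVKMEM change intends. It would also remove one unrelated difference from the comparison when narrowing down the boot failure.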
>@@ -2749,10 +2753,7 @@ CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1"
> # Pseudo filesystems
> #
> CONFIG_PROC_FS=y
>-# CONFIG_PROC_KCORE is not set
>-CONFIG_PROC_VMCORE=y
> CONFIG_PROC_SYSCTL=y
>-CONFIG_PROC_PAGE_MONITOR=y
> CONFIG_SYSFS=y
> CONFIG_TMPFS=y
> CONFIG_TMPFS_POSIX_ACL=y
>@@ -2982,9 +2983,7 @@ CONFIG_RCU_CPU_STALL_TIMEOUT=21
> # CONFIG_DEBUG_BLOCK_EXT_DEVT is not set
> # CONFIG_NOTIFIER_ERROR_INJECTION is not set
> # CONFIG_FAULT_INJECTION is not set
>-# CONFIG_LATENCYTOP is not set
> CONFIG_ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS=y
>-# CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is not set
> CONFIG_USER_STACKTRACE_SUPPORT=y
> CONFIG_NOP_TRACER=y
> CONFIG_HAVE_FUNCTION_TRACER=y
>@@ -3035,7 +3034,6 @@ CONFIG_PROBE_EVENTS=y
> # CONFIG_ATOMIC64_SELFTEST is not set
> # CONFIG_TEST_STRING_HELPERS is not set
> # CONFIG_TEST_KSTRTOX is not set
>-# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set
> # CONFIG_DMA_API_DEBUG is not set
> # CONFIG_SAMPLES is not set
> CONFIG_HAVE_ARCH_KGDB=y
>@@ -3045,9 +3043,6 @@ CONFIG_X86_VERBOSE_BOOTUP=y
> CONFIG_EARLY_PRINTK=y
> CONFIG_EARLY_PRINTK_DBGP=y
> # CONFIG_X86_PTDUMP is not set
>-CONFIG_DEBUG_RODATA=y
>-CONFIG_DEBUG_RODATA_TEST=y
>-# CONFIG_DEBUG_SET_MODULE_RONX is not set
> # CONFIG_DEBUG_NX_TEST is not set
> CONFIG_DOUBLEFAULT=y
> # CONFIG_DEBUG_TLBFLUSH is not set
>@@ -3073,6 +3068,193 @@ CONFIG_OPTIMIZE_INLINING=y
> #
> # Security options
> #
>+
>+#
>+# Grsecurity
>+#
>+CONFIG_TASK_SIZE_MAX_SHIFT=47
>+CONFIG_PAX_USERCOPY_SLABS=y
>+CONFIG_GRKERNSEC=y
>+CONFIG_GRKERNSEC_CONFIG_AUTO=y
>+# CONFIG_GRKERNSEC_CONFIG_CUSTOM is not set
>+CONFIG_GRKERNSEC_CONFIG_SERVER=y
>+# CONFIG_GRKERNSEC_CONFIG_DESKTOP is not set
>+# CONFIG_GRKERNSEC_CONFIG_VIRT_NONE is not set
>+# CONFIG_GRKERNSEC_CONFIG_VIRT_GUEST is not set
>+CONFIG_GRKERNSEC_CONFIG_VIRT_HOST=y
>+CONFIG_GRKERNSEC_CONFIG_VIRT_EPT=y
>+# CONFIG_GRKERNSEC_CONFIG_VIRT_SOFT is not set
>+CONFIG_GRKERNSEC_CONFIG_VIRT_XEN=y
>+# CONFIG_GRKERNSEC_CONFIG_VIRT_VMWARE is not set
>+# CONFIG_GRKERNSEC_CONFIG_VIRT_KVM is not set
>+# CONFIG_GRKERNSEC_CONFIG_VIRT_VIRTUALBOX is not set
>+CONFIG_GRKERNSEC_CONFIG_PRIORITY_PERF=y
>+# CONFIG_GRKERNSEC_CONFIG_PRIORITY_SECURITY is not set
>+
>+#
>+# Default Special Groups
>+#
>+CONFIG_GRKERNSEC_PROC_GID=10
>+CONFIG_GRKERNSEC_TPE_UNTRUSTED_GID=100
>+CONFIG_GRKERNSEC_SYMLINKOWN_GID=100
>+
>+#
>+# Customize Configuration
>+#
>+
>+#
>+# PaX
>+#
>+CONFIG_PAX=y
>+
>+#
>+# PaX Control
>+#
>+# CONFIG_PAX_SOFTMODE is not set
>+# CONFIG_PAX_PT_PAX_FLAGS is not set
>+CONFIG_PAX_XATTR_PAX_FLAGS=y
>+# CONFIG_PAX_NO_ACL_FLAGS is not set
>+CONFIG_PAX_HAVE_ACL_FLAGS=y
>+# CONFIG_PAX_HOOK_ACL_FLAGS is not set
>+
>+#
>+# Non-executable pages
>+#
>+CONFIG_PAX_NOEXEC=y
>+CONFIG_PAX_PAGEEXEC=y
>+CONFIG_PAX_EMUTRAMP=y
>+CONFIG_PAX_MPROTECT=y
>+# CONFIG_PAX_MPROTECT_COMPAT is not set
>+# CONFIG_PAX_ELFRELOCS is not set
>+CONFIG_PAX_KERNEXEC_PLUGIN_METHOD=""
>+
>+#
>+# Address Space Layout Randomization
>+#
>+CONFIG_PAX_ASLR=y
>+CONFIG_PAX_RANDKSTACK=y
>+CONFIG_PAX_RANDUSTACK=y
>+CONFIG_PAX_RANDMMAP=y
>+
>+#
>+# Miscellaneous hardening features
>+#
>+# CONFIG_PAX_MEMORY_SANITIZE is not set
>+# CONFIG_PAX_MEMORY_STACKLEAK is not set
>+# CONFIG_PAX_MEMORY_STRUCTLEAK is not set
>+CONFIG_PAX_REFCOUNT=y
>+CONFIG_PAX_USERCOPY=y
>+# CONFIG_PAX_USERCOPY_DEBUG is not set
>+CONFIG_PAX_SIZE_OVERFLOW=y
>+CONFIG_PAX_LATENT_ENTROPY=y
>+
>+#
>+# Memory Protections
>+#
>+# CONFIG_GRKERNSEC_KMEM is not set
>+CONFIG_GRKERNSEC_IO=y
>+CONFIG_GRKERNSEC_JIT_HARDEN=y
>+CONFIG_GRKERNSEC_PERF_HARDEN=y
>+CONFIG_GRKERNSEC_RAND_THREADSTACK=y
>+CONFIG_GRKERNSEC_PROC_MEMMAP=y
>+CONFIG_GRKERNSEC_BRUTE=y
>+CONFIG_GRKERNSEC_MODHARDEN=y
>+CONFIG_GRKERNSEC_HIDESYM=y
>+CONFIG_GRKERNSEC_KERN_LOCKOUT=y
>+
>+#
>+# Role Based Access Control Options
>+#
>+# CONFIG_GRKERNSEC_NO_RBAC is not set
>+# CONFIG_GRKERNSEC_ACL_HIDEKERN is not set
>+CONFIG_GRKERNSEC_ACL_MAXTRIES=3
>+CONFIG_GRKERNSEC_ACL_TIMEOUT=30
>+
>+#
>+# Filesystem Protections
>+#
>+CONFIG_GRKERNSEC_PROC=y
>+# CONFIG_GRKERNSEC_PROC_USER is not set
>+CONFIG_GRKERNSEC_PROC_USERGROUP=y
>+CONFIG_GRKERNSEC_PROC_ADD=y
>+CONFIG_GRKERNSEC_LINK=y
>+CONFIG_GRKERNSEC_SYMLINKOWN=y
>+CONFIG_GRKERNSEC_FIFO=y
>+CONFIG_GRKERNSEC_SYSFS_RESTRICT=y
>+# CONFIG_GRKERNSEC_ROFS is not set
>+CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL=y
>+CONFIG_GRKERNSEC_CHROOT=y
>+CONFIG_GRKERNSEC_CHROOT_MOUNT=y
>+CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
>+CONFIG_GRKERNSEC_CHROOT_PIVOT=y
>+CONFIG_GRKERNSEC_CHROOT_CHDIR=y
>+CONFIG_GRKERNSEC_CHROOT_CHMOD=y
>+CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
>+CONFIG_GRKERNSEC_CHROOT_MKNOD=y
>+CONFIG_GRKERNSEC_CHROOT_SHMAT=y
>+CONFIG_GRKERNSEC_CHROOT_UNIX=y
>+CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
>+CONFIG_GRKERNSEC_CHROOT_NICE=y
>+CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
>+CONFIG_GRKERNSEC_CHROOT_CAPS=y
>+CONFIG_GRKERNSEC_CHROOT_INITRD=y
>+
>+#
>+# Kernel Auditing
>+#
>+# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
>+# CONFIG_GRKERNSEC_EXECLOG is not set
>+CONFIG_GRKERNSEC_RESLOG=y
>+# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
>+# CONFIG_GRKERNSEC_AUDIT_PTRACE is not set
>+# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
>+# CONFIG_GRKERNSEC_AUDIT_MOUNT is not set
>+CONFIG_GRKERNSEC_SIGNAL=y
>+# CONFIG_GRKERNSEC_FORKFAIL is not set
>+CONFIG_GRKERNSEC_TIME=y
>+CONFIG_GRKERNSEC_PROC_IPADDR=y
>+CONFIG_GRKERNSEC_RWXMAP_LOG=y
>+
>+#
>+# Executable Protections
>+#
>+CONFIG_GRKERNSEC_DMESG=y
>+CONFIG_GRKERNSEC_HARDEN_PTRACE=y
>+CONFIG_GRKERNSEC_PTRACE_READEXEC=y
>+CONFIG_GRKERNSEC_SETXID=y
>+CONFIG_GRKERNSEC_HARDEN_IPC=y
>+CONFIG_GRKERNSEC_TPE=y
>+# CONFIG_GRKERNSEC_TPE_ALL is not set
>+# CONFIG_GRKERNSEC_TPE_INVERT is not set
>+CONFIG_GRKERNSEC_TPE_GID=100
>+
>+#
>+# Network Protections
>+#
>+CONFIG_GRKERNSEC_RANDNET=y
>+CONFIG_GRKERNSEC_BLACKHOLE=y
>+CONFIG_GRKERNSEC_NO_SIMULT_CONNECT=y
>+# CONFIG_GRKERNSEC_SOCKET is not set
>+
>+#
>+# Physical Protections
>+#
>+CONFIG_GRKERNSEC_DENYUSB=y
>+# CONFIG_GRKERNSEC_DENYUSB_FORCE is not set
>+
>+#
>+# Sysctl Support
>+#
>+CONFIG_GRKERNSEC_SYSCTL=y
>+# CONFIG_GRKERNSEC_SYSCTL_DISTRO is not set
>+CONFIG_GRKERNSEC_SYSCTL_ON=y
>+
>+#
>+# Logging Options
>+#
>+# CONFIG_GRKERNSEC_SELINUX_AVC_LOG_IPADDR is not set
>+CONFIG_GRKERNSEC_FLOODTIME=10
>+CONFIG_GRKERNSEC_FLOODBURST=6
> CONFIG_KEYS=y
> # CONFIG_ENCRYPTED_KEYS is not set
> CONFIG_KEYS_DEBUG_PROC_KEYS=y
>@@ -3094,7 +3276,6 @@ CONFIG_SECURITY_SELINUX_CHECKREQPROT_VAL
> # CONFIG_SECURITY_SMACK is not set
> # CONFIG_SECURITY_TOMOYO is not set
> # CONFIG_SECURITY_APPARMOR is not set
>-# CONFIG_SECURITY_YAMA is not set
> # CONFIG_IMA is not set
> # CONFIG_EVM is not set
> CONFIG_DEFAULT_SECURITY_SELINUX=y
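Review bot: The Grsecurity block added by the hunk at -3073 leaves several memory protections off: `# CONFIG_GRKERNSEC_KMEM is not set`, `# CONFIG_PAX_MEMORY_SANITIZE is not set`, `# CONFIG_PAX_MEMORY_STACKLEAK is not set`, and no `CONFIG_PAX_KERNEXEC` or `CONFIG_PAX_MEMORY_UDEREF` line appears at all (only `CONFIG_PAX_KERNEXEC_PLUGIN_METHOD=""`). This looks like a side effect of `CONFIG_GRKERNSEC_CONFIG_AUTO=y` combined with `CONFIG_GRKERNSEC_CONFIG_VIRT_XEN=y` and `CONFIG_GRKERNSEC_CONFIG_PRIORITY_PERF=y` rather than a per-option decision, so it is worth confirming that each gap is intended. Because the hunk at -3045 also drops `CONFIG_DEBUG_RODATA=y`, the hardened build may end up without read-only kernel data protection that the vanilla build had. With `CONFIG_GRKERNSEC_SYSCTL_ON=y` every feature stays switchable at runtime until the lock sysctl is set, so the boot scripts should set `kernel.grsecurity.grsec_lock = 1` once startup has finished.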
Attachments on
bug 495244
:
366104
|
366106
|
366108
|
366110
| 366464