Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 459196 Details for
Bug 597554
=sys-kernel/hardened-sources-4.7.6: Kernel panic when starting KVM guests
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
config-4.8.15-hardened-r2-170108_10.diff
config-4.8.15-hardened-r2-170108_10.diff (text/plain), 8.41 KB, created by
miro.rovis
on 2017-01-08 17:14:33 UTC
(
hide
)
Description:
config-4.8.15-hardened-r2-170108_10.diff
Filename:
MIME Type:
Creator:
miro.rovis
Created:
2017-01-08 17:14:33 UTC
Size:
8.41 KB
patch
obsolete
>--- config-4.8.15-hardened-r2-170106_05 2017-01-08 16:27:05.000000000 +0100 >+++ config-4.8.15-hardened-r2-170108_10 2017-01-08 16:28:16.000000000 +0100 >@@ -11,8 +11,8 @@ > CONFIG_LOCKDEP_SUPPORT=y > CONFIG_STACKTRACE_SUPPORT=y > CONFIG_MMU=y >-CONFIG_ARCH_MMAP_RND_BITS_MIN=27 >-CONFIG_ARCH_MMAP_RND_BITS_MAX=27 >+CONFIG_ARCH_MMAP_RND_BITS_MIN=28 >+CONFIG_ARCH_MMAP_RND_BITS_MAX=32 > CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8 > CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16 > CONFIG_NEED_DMA_MAP_STATE=y >@@ -52,7 +52,7 @@ > CONFIG_INIT_ENV_ARG_LIMIT=32 > CONFIG_CROSS_COMPILE="" > # CONFIG_COMPILE_TEST is not set >-CONFIG_LOCALVERSION="-170106_05" >+CONFIG_LOCALVERSION="-170108_10" > # CONFIG_LOCALVERSION_AUTO is not set > CONFIG_HAVE_KERNEL_GZIP=y > CONFIG_HAVE_KERNEL_BZIP2=y >@@ -142,6 +142,7 @@ > CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y > CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y > CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y >+CONFIG_ARCH_SUPPORTS_INT128=y > # CONFIG_NUMA_BALANCING is not set > CONFIG_CGROUPS=y > CONFIG_PAGE_COUNTER=y >@@ -283,7 +284,7 @@ > CONFIG_ARCH_HAS_ELF_RANDOMIZE=y > CONFIG_HAVE_ARCH_MMAP_RND_BITS=y > CONFIG_HAVE_EXIT_THREAD=y >-CONFIG_ARCH_MMAP_RND_BITS=27 >+CONFIG_ARCH_MMAP_RND_BITS=28 > CONFIG_HAVE_ARCH_MMAP_RND_COMPAT_BITS=y > CONFIG_ARCH_MMAP_RND_COMPAT_BITS=8 > CONFIG_HAVE_COPY_THREAD_TLS=y >@@ -532,6 +533,7 @@ > CONFIG_HOTPLUG_CPU=y > # CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set > # CONFIG_DEBUG_HOTPLUG_CPU0 is not set >+# CONFIG_COMPAT_VDSO is not set > CONFIG_LEGACY_VSYSCALL_EMULATE=y > # CONFIG_LEGACY_VSYSCALL_NONE is not set > # CONFIG_CMDLINE_BOOL is not set >@@ -3747,6 +3749,7 @@ > # Pseudo filesystems > # > CONFIG_PROC_FS=y >+# CONFIG_PROC_KCORE is not set > CONFIG_PROC_SYSCTL=y > # CONFIG_PROC_CHILDREN is not set > CONFIG_KERNFS=y >@@ -3930,6 +3933,7 @@ > # Memory Debugging > # > # CONFIG_PAGE_EXTENSION is not set >+# CONFIG_DEBUG_PAGEALLOC is not set > # CONFIG_PAGE_POISONING is not set > # CONFIG_DEBUG_OBJECTS is not set > # CONFIG_SLUB_DEBUG_ON is not set >@@ -3973,6 +3977,10 @@ > # CONFIG_DEBUG_RT_MUTEXES is not set > # CONFIG_DEBUG_SPINLOCK is not set > # CONFIG_DEBUG_MUTEXES is not set >+# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set >+# CONFIG_DEBUG_LOCK_ALLOC is not set >+# CONFIG_PROVE_LOCKING is not set >+# CONFIG_LOCK_STAT is not set > # CONFIG_DEBUG_ATOMIC_SLEEP is not set > # CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set > # CONFIG_LOCK_TORTURE_TEST is not set >@@ -4001,6 +4009,7 @@ > # CONFIG_CPU_HOTPLUG_STATE_CONTROL is not set > # CONFIG_NOTIFIER_ERROR_INJECTION is not set > # CONFIG_FAULT_INJECTION is not set >+# CONFIG_LATENCYTOP is not set > CONFIG_USER_STACKTRACE_SUPPORT=y > CONFIG_HAVE_FUNCTION_TRACER=y > CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y >@@ -4104,8 +4113,7 @@ > # > # Grsecurity > # >-CONFIG_PAX_PER_CPU_PGD=y >-CONFIG_TASK_SIZE_MAX_SHIFT=42 >+CONFIG_TASK_SIZE_MAX_SHIFT=47 > CONFIG_GRKERNSEC=y > CONFIG_GRKERNSEC_CONFIG_AUTO=y > # CONFIG_GRKERNSEC_CONFIG_CUSTOM is not set >@@ -4128,7 +4136,6 @@ > # Default Special Groups > # > CONFIG_GRKERNSEC_PROC_GID=10 >-CONFIG_GRKERNSEC_TPE_UNTRUSTED_GID=100 > CONFIG_GRKERNSEC_SYMLINKOWN_GID=1006 > > # >@@ -4138,148 +4145,89 @@ > # > # PaX > # >-CONFIG_PAX=y >- >-# >-# PaX Control >-# >-# CONFIG_PAX_SOFTMODE is not set >-# CONFIG_PAX_PT_PAX_FLAGS is not set >-CONFIG_PAX_XATTR_PAX_FLAGS=y >-CONFIG_PAX_NO_ACL_FLAGS=y >-# CONFIG_PAX_HAVE_ACL_FLAGS is not set >-# CONFIG_PAX_HOOK_ACL_FLAGS is not set >- >-# >-# Non-executable pages >-# >-CONFIG_PAX_NOEXEC=y >-CONFIG_PAX_PAGEEXEC=y >-CONFIG_PAX_EMUTRAMP=y >-CONFIG_PAX_MPROTECT=y >-# CONFIG_PAX_MPROTECT_COMPAT is not set >-# CONFIG_PAX_ELFRELOCS is not set >-CONFIG_PAX_KERNEXEC=y >-CONFIG_PAX_KERNEXEC_PLUGIN=y >-# CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_NONE is not set >-CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_BTS=y >-# CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_OR is not set >- >-# >-# Address Space Layout Randomization >-# >-CONFIG_PAX_ASLR=y >-CONFIG_PAX_RANDKSTACK=y >-CONFIG_PAX_RANDUSTACK=y >-CONFIG_PAX_RANDMMAP=y >+# CONFIG_PAX is not set > > # > # Miscellaneous hardening features > # >-CONFIG_PAX_MEMORY_SANITIZE=y >-CONFIG_PAX_MEMORY_STACKLEAK=y >-CONFIG_PAX_MEMORY_STRUCTLEAK=y >+# CONFIG_PAX_MEMORY_SANITIZE is not set >+# CONFIG_PAX_MEMORY_STACKLEAK is not set >+# CONFIG_PAX_MEMORY_STRUCTLEAK is not set > # CONFIG_PAX_MEMORY_UDEREF is not set >-CONFIG_PAX_REFCOUNT=y >+# CONFIG_PAX_REFCOUNT is not set > CONFIG_PAX_USERCOPY=y >-CONFIG_PAX_CONSTIFY_PLUGIN=y > # CONFIG_PAX_USERCOPY_DEBUG is not set >-CONFIG_PAX_SIZE_OVERFLOW=y >-CONFIG_PAX_SIZE_OVERFLOW_EXTRA=y >+# CONFIG_PAX_SIZE_OVERFLOW is not set > # CONFIG_PAX_INITIFY is not set > CONFIG_HAVE_PAX_INITIFY_INIT_EXIT=y >-CONFIG_PAX_LATENT_ENTROPY=y >-CONFIG_PAX_RAP=y >+# CONFIG_PAX_LATENT_ENTROPY is not set >+# CONFIG_PAX_RAP is not set > > # > # Memory Protections > # > # CONFIG_GRKERNSEC_KMEM is not set > # CONFIG_GRKERNSEC_IO is not set >-CONFIG_GRKERNSEC_BPF_HARDEN=y >-CONFIG_GRKERNSEC_PERF_HARDEN=y >-# CONFIG_GRKERNSEC_RAND_THREADSTACK is not set >-CONFIG_GRKERNSEC_PROC_MEMMAP=y >-CONFIG_GRKERNSEC_KSTACKOVERFLOW=y >-CONFIG_GRKERNSEC_BRUTE=y >-CONFIG_GRKERNSEC_MODHARDEN=y >-CONFIG_GRKERNSEC_HIDESYM=y >-CONFIG_GRKERNSEC_RANDSTRUCT=y >-CONFIG_GRKERNSEC_RANDSTRUCT_PERFORMANCE=y >-CONFIG_GRKERNSEC_KERN_LOCKOUT=y >+# CONFIG_GRKERNSEC_BPF_HARDEN is not set >+# CONFIG_GRKERNSEC_PERF_HARDEN is not set >+# CONFIG_GRKERNSEC_KSTACKOVERFLOW is not set >+# CONFIG_GRKERNSEC_BRUTE is not set >+# CONFIG_GRKERNSEC_MODHARDEN is not set >+# CONFIG_GRKERNSEC_HIDESYM is not set >+# CONFIG_GRKERNSEC_RANDSTRUCT is not set >+# CONFIG_GRKERNSEC_KERN_LOCKOUT is not set > > # > # Role Based Access Control Options > # > # CONFIG_GRKERNSEC_NO_RBAC is not set >-CONFIG_GRKERNSEC_ACL_HIDEKERN=y >+# CONFIG_GRKERNSEC_ACL_HIDEKERN is not set > CONFIG_GRKERNSEC_ACL_MAXTRIES=3 > CONFIG_GRKERNSEC_ACL_TIMEOUT=30 > > # > # Filesystem Protections > # >-CONFIG_GRKERNSEC_PROC=y >-CONFIG_GRKERNSEC_PROC_USER=y >-CONFIG_GRKERNSEC_PROC_ADD=y >-CONFIG_GRKERNSEC_LINK=y >-CONFIG_GRKERNSEC_SYMLINKOWN=y >-CONFIG_GRKERNSEC_FIFO=y >-CONFIG_GRKERNSEC_SYSFS_RESTRICT=y >+# CONFIG_GRKERNSEC_PROC is not set >+# CONFIG_GRKERNSEC_LINK is not set >+# CONFIG_GRKERNSEC_SYMLINKOWN is not set >+# CONFIG_GRKERNSEC_FIFO is not set >+# CONFIG_GRKERNSEC_SYSFS_RESTRICT is not set > # CONFIG_GRKERNSEC_ROFS is not set >-CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL=y >-CONFIG_GRKERNSEC_CHROOT=y >-CONFIG_GRKERNSEC_CHROOT_MOUNT=y >-CONFIG_GRKERNSEC_CHROOT_DOUBLE=y >-CONFIG_GRKERNSEC_CHROOT_PIVOT=y >-CONFIG_GRKERNSEC_CHROOT_CHDIR=y >-CONFIG_GRKERNSEC_CHROOT_CHMOD=y >-CONFIG_GRKERNSEC_CHROOT_FCHDIR=y >-CONFIG_GRKERNSEC_CHROOT_MKNOD=y >-CONFIG_GRKERNSEC_CHROOT_SHMAT=y >-CONFIG_GRKERNSEC_CHROOT_UNIX=y >-CONFIG_GRKERNSEC_CHROOT_FINDTASK=y >-CONFIG_GRKERNSEC_CHROOT_NICE=y >-CONFIG_GRKERNSEC_CHROOT_SYSCTL=y >-CONFIG_GRKERNSEC_CHROOT_RENAME=y >-CONFIG_GRKERNSEC_CHROOT_CAPS=y >-# CONFIG_GRKERNSEC_CHROOT_INITRD is not set >+# CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL is not set >+# CONFIG_GRKERNSEC_CHROOT is not set > > # > # Kernel Auditing > # > # CONFIG_GRKERNSEC_AUDIT_GROUP is not set >-CONFIG_GRKERNSEC_EXECLOG=y >-CONFIG_GRKERNSEC_RESLOG=y >-CONFIG_GRKERNSEC_CHROOT_EXECLOG=y >-CONFIG_GRKERNSEC_AUDIT_PTRACE=y >-CONFIG_GRKERNSEC_AUDIT_CHDIR=y >-CONFIG_GRKERNSEC_AUDIT_MOUNT=y >-CONFIG_GRKERNSEC_SIGNAL=y >-CONFIG_GRKERNSEC_FORKFAIL=y >-CONFIG_GRKERNSEC_TIME=y >-CONFIG_GRKERNSEC_PROC_IPADDR=y >-CONFIG_GRKERNSEC_RWXMAP_LOG=y >+# CONFIG_GRKERNSEC_EXECLOG is not set >+# CONFIG_GRKERNSEC_RESLOG is not set >+# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set >+# CONFIG_GRKERNSEC_AUDIT_PTRACE is not set >+# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set >+# CONFIG_GRKERNSEC_AUDIT_MOUNT is not set >+# CONFIG_GRKERNSEC_SIGNAL is not set >+# CONFIG_GRKERNSEC_FORKFAIL is not set >+# CONFIG_GRKERNSEC_TIME is not set >+# CONFIG_GRKERNSEC_PROC_IPADDR is not set > > # > # Executable Protections > # >-CONFIG_GRKERNSEC_DMESG=y >-CONFIG_GRKERNSEC_HARDEN_PTRACE=y >-CONFIG_GRKERNSEC_PTRACE_READEXEC=y >-CONFIG_GRKERNSEC_SETXID=y >-CONFIG_GRKERNSEC_HARDEN_IPC=y >-CONFIG_GRKERNSEC_HARDEN_TTY=y >-CONFIG_GRKERNSEC_TPE=y >-CONFIG_GRKERNSEC_TPE_ALL=y >-# CONFIG_GRKERNSEC_TPE_INVERT is not set >-CONFIG_GRKERNSEC_TPE_GID=100 >+# CONFIG_GRKERNSEC_DMESG is not set >+# CONFIG_GRKERNSEC_HARDEN_PTRACE is not set >+# CONFIG_GRKERNSEC_PTRACE_READEXEC is not set >+# CONFIG_GRKERNSEC_SETXID is not set >+# CONFIG_GRKERNSEC_HARDEN_IPC is not set >+# CONFIG_GRKERNSEC_HARDEN_TTY is not set >+# CONFIG_GRKERNSEC_TPE is not set > > # > # Network Protections > # >-CONFIG_GRKERNSEC_BLACKHOLE=y >-CONFIG_GRKERNSEC_NO_SIMULT_CONNECT=y >+# CONFIG_GRKERNSEC_BLACKHOLE is not set >+# CONFIG_GRKERNSEC_NO_SIMULT_CONNECT is not set > # CONFIG_GRKERNSEC_SOCKET is not set > > # >@@ -4290,8 +4238,7 @@ > # > # Sysctl Support > # >-CONFIG_GRKERNSEC_SYSCTL=y >-CONFIG_GRKERNSEC_SYSCTL_ON=y >+# CONFIG_GRKERNSEC_SYSCTL is not set > > # > # Logging Options
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 597554
:
450752
|
450754
|
450756
|
450758
|
451046
|
451082
|
451296
|
451298
|
451300
|
451310
|
451314
|
451318
|
451322
|
451328
|
451342
|
451344
|
451348
|
451350
|
451352
|
451354
|
451360
|
451362
|
451364
|
451366
|
451368
|
451370
|
452712
|
452714
|
459184
|
459188
|
459190
|
459192
|
459194
| 459196 |
459214
|
459218
|
464872
|
464920