Attachment #459214 for bug #597554

View | Details | Raw Unified | Return to bug 597554 | Differences between
Collapse All | Expand All




CONFIG_LOCKDEP_SUPPORT=y
CONFIG_STACKTRACE_SUPPORT=y
CONFIG_MMU=y
CONFIG_ARCH_MMAP_RND_BITS_MIN=28
CONFIG_ARCH_MMAP_RND_BITS_MAX=32
CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8
CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16
CONFIG_NEED_DMA_MAP_STATE=y

CONFIG_INIT_ENV_ARG_LIMIT=32
CONFIG_CROSS_COMPILE=""
# CONFIG_COMPILE_TEST is not set
CONFIG_LOCALVERSION="-170108_18"
# CONFIG_LOCALVERSION_AUTO is not set
CONFIG_HAVE_KERNEL_GZIP=y
CONFIG_HAVE_KERNEL_BZIP2=y

CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y
CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y
CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y
CONFIG_ARCH_SUPPORTS_INT128=y
# CONFIG_NUMA_BALANCING is not set
CONFIG_CGROUPS=y
CONFIG_PAGE_COUNTER=y

CONFIG_ARCH_HAS_ELF_RANDOMIZE=y
CONFIG_HAVE_ARCH_MMAP_RND_BITS=y
CONFIG_HAVE_EXIT_THREAD=y
CONFIG_ARCH_MMAP_RND_BITS=28
CONFIG_HAVE_ARCH_MMAP_RND_COMPAT_BITS=y
CONFIG_ARCH_MMAP_RND_COMPAT_BITS=8
CONFIG_HAVE_COPY_THREAD_TLS=y

CONFIG_HOTPLUG_CPU=y
# CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set
# CONFIG_DEBUG_HOTPLUG_CPU0 is not set
# CONFIG_COMPAT_VDSO is not set
CONFIG_LEGACY_VSYSCALL_EMULATE=y
# CONFIG_LEGACY_VSYSCALL_NONE is not set
# CONFIG_CMDLINE_BOOL is not set

# Pseudo filesystems
#
CONFIG_PROC_FS=y
# CONFIG_PROC_KCORE is not set
CONFIG_PROC_SYSCTL=y
# CONFIG_PROC_CHILDREN is not set
CONFIG_KERNFS=y

# Memory Debugging
#
# CONFIG_PAGE_EXTENSION is not set
# CONFIG_DEBUG_PAGEALLOC is not set
# CONFIG_PAGE_POISONING is not set
# CONFIG_DEBUG_OBJECTS is not set
# CONFIG_SLUB_DEBUG_ON is not set

# CONFIG_DEBUG_RT_MUTEXES is not set
# CONFIG_DEBUG_SPINLOCK is not set
# CONFIG_DEBUG_MUTEXES is not set
# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set
# CONFIG_DEBUG_LOCK_ALLOC is not set
# CONFIG_PROVE_LOCKING is not set
# CONFIG_LOCK_STAT is not set
# CONFIG_DEBUG_ATOMIC_SLEEP is not set
# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set
# CONFIG_LOCK_TORTURE_TEST is not set

# CONFIG_CPU_HOTPLUG_STATE_CONTROL is not set
# CONFIG_NOTIFIER_ERROR_INJECTION is not set
# CONFIG_FAULT_INJECTION is not set
# CONFIG_LATENCYTOP is not set
CONFIG_USER_STACKTRACE_SUPPORT=y
CONFIG_HAVE_FUNCTION_TRACER=y
CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y

#
# Grsecurity
#
CONFIG_TASK_SIZE_MAX_SHIFT=47
CONFIG_TASK_SIZE_MAX_SHIFT=42
CONFIG_GRKERNSEC=y
CONFIG_GRKERNSEC_CONFIG_AUTO=y
# CONFIG_GRKERNSEC_CONFIG_CUSTOM is not set

#
# PaX
#
# CONFIG_PAX is not set

#
# PaX Control
#
# CONFIG_PAX_SOFTMODE is not set
# CONFIG_PAX_PT_PAX_FLAGS is not set
CONFIG_PAX_XATTR_PAX_FLAGS=y
CONFIG_PAX_NO_ACL_FLAGS=y
# CONFIG_PAX_HAVE_ACL_FLAGS is not set
# CONFIG_PAX_HOOK_ACL_FLAGS is not set

#
# Non-executable pages
#
CONFIG_PAX_NOEXEC=y
CONFIG_PAX_PAGEEXEC=y
CONFIG_PAX_EMUTRAMP=y
CONFIG_PAX_MPROTECT=y
# CONFIG_PAX_MPROTECT_COMPAT is not set
# CONFIG_PAX_ELFRELOCS is not set
CONFIG_PAX_KERNEXEC=y
CONFIG_PAX_KERNEXEC_PLUGIN=y
# CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_NONE is not set
CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_BTS=y
# CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_OR is not set

#
# Address Space Layout Randomization
#
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDKSTACK=y
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y

#
# Miscellaneous hardening features
#
# CONFIG_PAX_MEMORY_SANITIZE is not set
# CONFIG_PAX_MEMORY_STACKLEAK is not set
# CONFIG_PAX_MEMORY_STRUCTLEAK is not set
# CONFIG_PAX_MEMORY_UDEREF is not set
# CONFIG_PAX_REFCOUNT is not set
CONFIG_PAX_USERCOPY=y
CONFIG_PAX_CONSTIFY_PLUGIN=y
# CONFIG_PAX_USERCOPY_DEBUG is not set
# CONFIG_PAX_SIZE_OVERFLOW is not set
CONFIG_PAX_SIZE_OVERFLOW_EXTRA=y
# CONFIG_PAX_INITIFY is not set
CONFIG_HAVE_PAX_INITIFY_INIT_EXIT=y
# CONFIG_PAX_LATENT_ENTROPY is not set
# CONFIG_PAX_RAP is not set

#
# Memory Protections
#
# CONFIG_GRKERNSEC_KMEM is not set
# CONFIG_GRKERNSEC_IO is not set
# CONFIG_GRKERNSEC_BPF_HARDEN is not set
# CONFIG_GRKERNSEC_PERF_HARDEN is not set
# CONFIG_GRKERNSEC_KSTACKOVERFLOW is not set
# CONFIG_GRKERNSEC_BRUTE is not set
# CONFIG_GRKERNSEC_MODHARDEN is not set
# CONFIG_GRKERNSEC_HIDESYM is not set
# CONFIG_GRKERNSEC_RANDSTRUCT is not set
# CONFIG_GRKERNSEC_KERN_LOCKOUT is not set
CONFIG_GRKERNSEC_RANDSTRUCT=y
CONFIG_GRKERNSEC_RANDSTRUCT_PERFORMANCE=y
CONFIG_GRKERNSEC_KERN_LOCKOUT=y

#
# Role Based Access Control Options
#
# CONFIG_GRKERNSEC_NO_RBAC is not set
# CONFIG_GRKERNSEC_ACL_HIDEKERN is not set
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30

#
# Filesystem Protections
#
# CONFIG_GRKERNSEC_PROC is not set
# CONFIG_GRKERNSEC_LINK is not set
# CONFIG_GRKERNSEC_SYMLINKOWN is not set
# CONFIG_GRKERNSEC_FIFO is not set
# CONFIG_GRKERNSEC_SYSFS_RESTRICT is not set
CONFIG_GRKERNSEC_FIFO=y
CONFIG_GRKERNSEC_SYSFS_RESTRICT=y
# CONFIG_GRKERNSEC_ROFS is not set
# CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL is not set
# CONFIG_GRKERNSEC_CHROOT is not set
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
CONFIG_GRKERNSEC_CHROOT_PIVOT=y
CONFIG_GRKERNSEC_CHROOT_CHDIR=y
CONFIG_GRKERNSEC_CHROOT_CHMOD=y
CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
CONFIG_GRKERNSEC_CHROOT_MKNOD=y
CONFIG_GRKERNSEC_CHROOT_SHMAT=y
CONFIG_GRKERNSEC_CHROOT_UNIX=y
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
CONFIG_GRKERNSEC_CHROOT_NICE=y
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
CONFIG_GRKERNSEC_CHROOT_RENAME=y
CONFIG_GRKERNSEC_CHROOT_CAPS=y
# CONFIG_GRKERNSEC_CHROOT_INITRD is not set

#
# Kernel Auditing

CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_TIME=y
CONFIG_GRKERNSEC_PROC_IPADDR=y
CONFIG_GRKERNSEC_RWXMAP_LOG=y

#
# Executable Protections

Return to bug 597554

Lines 11-18 Link Here

(-)config-4.8.15-hardened-r2-170106_05 (-86 / +38 lines)
11	CONFIG_LOCKDEP_SUPPORT=y	11	CONFIG_LOCKDEP_SUPPORT=y
12	CONFIG_STACKTRACE_SUPPORT=y	12	CONFIG_STACKTRACE_SUPPORT=y
13	CONFIG_MMU=y	13	CONFIG_MMU=y
14	CONFIG_ARCH_MMAP_RND_BITS_MIN=27	14	CONFIG_ARCH_MMAP_RND_BITS_MIN=28
15	CONFIG_ARCH_MMAP_RND_BITS_MAX=27	15	CONFIG_ARCH_MMAP_RND_BITS_MAX=32
16	CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8	16	CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8
17	CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16	17	CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16
18	CONFIG_NEED_DMA_MAP_STATE=y	18	CONFIG_NEED_DMA_MAP_STATE=y
Lines 52-58 Link Here
52	CONFIG_INIT_ENV_ARG_LIMIT=32	52	CONFIG_INIT_ENV_ARG_LIMIT=32
53	CONFIG_CROSS_COMPILE=""	53	CONFIG_CROSS_COMPILE=""
54	# CONFIG_COMPILE_TEST is not set	54	# CONFIG_COMPILE_TEST is not set
55	CONFIG_LOCALVERSION="-170106_05"	55	CONFIG_LOCALVERSION="-170108_18"
56	# CONFIG_LOCALVERSION_AUTO is not set	56	# CONFIG_LOCALVERSION_AUTO is not set
57	CONFIG_HAVE_KERNEL_GZIP=y	57	CONFIG_HAVE_KERNEL_GZIP=y
58	CONFIG_HAVE_KERNEL_BZIP2=y	58	CONFIG_HAVE_KERNEL_BZIP2=y
Lines 142-147 Link Here
142	CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y	142	CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y
143	CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y	143	CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y
144	CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y	144	CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y
		145	CONFIG_ARCH_SUPPORTS_INT128=y
145	# CONFIG_NUMA_BALANCING is not set	146	# CONFIG_NUMA_BALANCING is not set
146	CONFIG_CGROUPS=y	147	CONFIG_CGROUPS=y
147	CONFIG_PAGE_COUNTER=y	148	CONFIG_PAGE_COUNTER=y
Lines 283-289 Link Here
283	CONFIG_ARCH_HAS_ELF_RANDOMIZE=y	284	CONFIG_ARCH_HAS_ELF_RANDOMIZE=y
284	CONFIG_HAVE_ARCH_MMAP_RND_BITS=y	285	CONFIG_HAVE_ARCH_MMAP_RND_BITS=y
285	CONFIG_HAVE_EXIT_THREAD=y	286	CONFIG_HAVE_EXIT_THREAD=y
286	CONFIG_ARCH_MMAP_RND_BITS=27	287	CONFIG_ARCH_MMAP_RND_BITS=28
287	CONFIG_HAVE_ARCH_MMAP_RND_COMPAT_BITS=y	288	CONFIG_HAVE_ARCH_MMAP_RND_COMPAT_BITS=y
288	CONFIG_ARCH_MMAP_RND_COMPAT_BITS=8	289	CONFIG_ARCH_MMAP_RND_COMPAT_BITS=8
289	CONFIG_HAVE_COPY_THREAD_TLS=y	290	CONFIG_HAVE_COPY_THREAD_TLS=y
Lines 532-537 Link Here
532	CONFIG_HOTPLUG_CPU=y	533	CONFIG_HOTPLUG_CPU=y
533	# CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set	534	# CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set
534	# CONFIG_DEBUG_HOTPLUG_CPU0 is not set	535	# CONFIG_DEBUG_HOTPLUG_CPU0 is not set
		536	# CONFIG_COMPAT_VDSO is not set
535	CONFIG_LEGACY_VSYSCALL_EMULATE=y	537	CONFIG_LEGACY_VSYSCALL_EMULATE=y
536	# CONFIG_LEGACY_VSYSCALL_NONE is not set	538	# CONFIG_LEGACY_VSYSCALL_NONE is not set
537	# CONFIG_CMDLINE_BOOL is not set	539	# CONFIG_CMDLINE_BOOL is not set
Lines 3747-3752 Link Here
3747	# Pseudo filesystems	3749	# Pseudo filesystems
3748	#	3750	#
3749	CONFIG_PROC_FS=y	3751	CONFIG_PROC_FS=y
		3752	# CONFIG_PROC_KCORE is not set
3750	CONFIG_PROC_SYSCTL=y	3753	CONFIG_PROC_SYSCTL=y
3751	# CONFIG_PROC_CHILDREN is not set	3754	# CONFIG_PROC_CHILDREN is not set
3752	CONFIG_KERNFS=y	3755	CONFIG_KERNFS=y
Lines 3930-3935 Link Here
3930	# Memory Debugging	3933	# Memory Debugging
3931	#	3934	#
3932	# CONFIG_PAGE_EXTENSION is not set	3935	# CONFIG_PAGE_EXTENSION is not set
		3936	# CONFIG_DEBUG_PAGEALLOC is not set
3933	# CONFIG_PAGE_POISONING is not set	3937	# CONFIG_PAGE_POISONING is not set
3934	# CONFIG_DEBUG_OBJECTS is not set	3938	# CONFIG_DEBUG_OBJECTS is not set
3935	# CONFIG_SLUB_DEBUG_ON is not set	3939	# CONFIG_SLUB_DEBUG_ON is not set
Lines 3973-3978 Link Here
3973	# CONFIG_DEBUG_RT_MUTEXES is not set	3977	# CONFIG_DEBUG_RT_MUTEXES is not set
3974	# CONFIG_DEBUG_SPINLOCK is not set	3978	# CONFIG_DEBUG_SPINLOCK is not set
3975	# CONFIG_DEBUG_MUTEXES is not set	3979	# CONFIG_DEBUG_MUTEXES is not set
		3980	# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set
		3981	# CONFIG_DEBUG_LOCK_ALLOC is not set
		3982	# CONFIG_PROVE_LOCKING is not set
		3983	# CONFIG_LOCK_STAT is not set
3976	# CONFIG_DEBUG_ATOMIC_SLEEP is not set	3984	# CONFIG_DEBUG_ATOMIC_SLEEP is not set
3977	# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set	3985	# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set
3978	# CONFIG_LOCK_TORTURE_TEST is not set	3986	# CONFIG_LOCK_TORTURE_TEST is not set
Lines 4001-4006 Link Here
4001	# CONFIG_CPU_HOTPLUG_STATE_CONTROL is not set	4009	# CONFIG_CPU_HOTPLUG_STATE_CONTROL is not set
4002	# CONFIG_NOTIFIER_ERROR_INJECTION is not set	4010	# CONFIG_NOTIFIER_ERROR_INJECTION is not set
4003	# CONFIG_FAULT_INJECTION is not set	4011	# CONFIG_FAULT_INJECTION is not set
		4012	# CONFIG_LATENCYTOP is not set
4004	CONFIG_USER_STACKTRACE_SUPPORT=y	4013	CONFIG_USER_STACKTRACE_SUPPORT=y
4005	CONFIG_HAVE_FUNCTION_TRACER=y	4014	CONFIG_HAVE_FUNCTION_TRACER=y
4006	CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y	4015	CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y
Lines 4104-4111 Link Here
4104	#	4113	#
4105	# Grsecurity	4114	# Grsecurity
4106	#	4115	#
4107	CONFIG_PAX_PER_CPU_PGD=y	4116	CONFIG_TASK_SIZE_MAX_SHIFT=47
4108	CONFIG_TASK_SIZE_MAX_SHIFT=42
4109	CONFIG_GRKERNSEC=y	4117	CONFIG_GRKERNSEC=y
4110	CONFIG_GRKERNSEC_CONFIG_AUTO=y	4118	CONFIG_GRKERNSEC_CONFIG_AUTO=y
4111	# CONFIG_GRKERNSEC_CONFIG_CUSTOM is not set	4119	# CONFIG_GRKERNSEC_CONFIG_CUSTOM is not set
Lines 4138-4249 Link Here
4138	#	4146	#
4139	# PaX	4147	# PaX
4140	#	4148	#
4141	CONFIG_PAX=y	4149	# CONFIG_PAX is not set
4142
4143	#
4144	# PaX Control
4145	#
4146	# CONFIG_PAX_SOFTMODE is not set
4147	# CONFIG_PAX_PT_PAX_FLAGS is not set
4148	CONFIG_PAX_XATTR_PAX_FLAGS=y
4149	CONFIG_PAX_NO_ACL_FLAGS=y
4150	# CONFIG_PAX_HAVE_ACL_FLAGS is not set
4151	# CONFIG_PAX_HOOK_ACL_FLAGS is not set
4152
4153	#
4154	# Non-executable pages
4155	#
4156	CONFIG_PAX_NOEXEC=y
4157	CONFIG_PAX_PAGEEXEC=y
4158	CONFIG_PAX_EMUTRAMP=y
4159	CONFIG_PAX_MPROTECT=y
4160	# CONFIG_PAX_MPROTECT_COMPAT is not set
4161	# CONFIG_PAX_ELFRELOCS is not set
4162	CONFIG_PAX_KERNEXEC=y
4163	CONFIG_PAX_KERNEXEC_PLUGIN=y
4164	# CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_NONE is not set
4165	CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_BTS=y
4166	# CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_OR is not set
4167
4168	#
4169	# Address Space Layout Randomization
4170	#
4171	CONFIG_PAX_ASLR=y
4172	CONFIG_PAX_RANDKSTACK=y
4173	CONFIG_PAX_RANDUSTACK=y
4174	CONFIG_PAX_RANDMMAP=y
4175		4150
4176	#	4151	#
4177	# Miscellaneous hardening features	4152	# Miscellaneous hardening features
4178	#	4153	#
4179	CONFIG_PAX_MEMORY_SANITIZE=y	4154	# CONFIG_PAX_MEMORY_SANITIZE is not set
4180	CONFIG_PAX_MEMORY_STACKLEAK=y	4155	# CONFIG_PAX_MEMORY_STACKLEAK is not set
4181	CONFIG_PAX_MEMORY_STRUCTLEAK=y	4156	# CONFIG_PAX_MEMORY_STRUCTLEAK is not set
4182	# CONFIG_PAX_MEMORY_UDEREF is not set	4157	# CONFIG_PAX_MEMORY_UDEREF is not set
4183	CONFIG_PAX_REFCOUNT=y	4158	# CONFIG_PAX_REFCOUNT is not set
4184	CONFIG_PAX_USERCOPY=y	4159	CONFIG_PAX_USERCOPY=y
4185	CONFIG_PAX_CONSTIFY_PLUGIN=y
4186	# CONFIG_PAX_USERCOPY_DEBUG is not set	4160	# CONFIG_PAX_USERCOPY_DEBUG is not set
4187	CONFIG_PAX_SIZE_OVERFLOW=y	4161	# CONFIG_PAX_SIZE_OVERFLOW is not set
4188	CONFIG_PAX_SIZE_OVERFLOW_EXTRA=y
4189	# CONFIG_PAX_INITIFY is not set	4162	# CONFIG_PAX_INITIFY is not set
4190	CONFIG_HAVE_PAX_INITIFY_INIT_EXIT=y	4163	CONFIG_HAVE_PAX_INITIFY_INIT_EXIT=y
4191	CONFIG_PAX_LATENT_ENTROPY=y	4164	# CONFIG_PAX_LATENT_ENTROPY is not set
4192	CONFIG_PAX_RAP=y	4165	# CONFIG_PAX_RAP is not set
4193		4166
4194	#	4167	#
4195	# Memory Protections	4168	# Memory Protections
4196	#	4169	#
4197	# CONFIG_GRKERNSEC_KMEM is not set	4170	# CONFIG_GRKERNSEC_KMEM is not set
4198	# CONFIG_GRKERNSEC_IO is not set	4171	# CONFIG_GRKERNSEC_IO is not set
4199	CONFIG_GRKERNSEC_BPF_HARDEN=y	4172	# CONFIG_GRKERNSEC_BPF_HARDEN is not set
4200	CONFIG_GRKERNSEC_PERF_HARDEN=y	4173	# CONFIG_GRKERNSEC_PERF_HARDEN is not set
4201	# CONFIG_GRKERNSEC_RAND_THREADSTACK is not set	4174	# CONFIG_GRKERNSEC_KSTACKOVERFLOW is not set
4202	CONFIG_GRKERNSEC_PROC_MEMMAP=y	4175	# CONFIG_GRKERNSEC_BRUTE is not set
4203	CONFIG_GRKERNSEC_KSTACKOVERFLOW=y	4176	# CONFIG_GRKERNSEC_MODHARDEN is not set
4204	CONFIG_GRKERNSEC_BRUTE=y	4177	# CONFIG_GRKERNSEC_HIDESYM is not set
4205	CONFIG_GRKERNSEC_MODHARDEN=y	4178	# CONFIG_GRKERNSEC_RANDSTRUCT is not set
4206	CONFIG_GRKERNSEC_HIDESYM=y	4179	# CONFIG_GRKERNSEC_KERN_LOCKOUT is not set
4207	CONFIG_GRKERNSEC_RANDSTRUCT=y
4208	CONFIG_GRKERNSEC_RANDSTRUCT_PERFORMANCE=y
4209	CONFIG_GRKERNSEC_KERN_LOCKOUT=y
4210		4180
4211	#	4181	#
4212	# Role Based Access Control Options	4182	# Role Based Access Control Options
4213	#	4183	#
4214	# CONFIG_GRKERNSEC_NO_RBAC is not set	4184	# CONFIG_GRKERNSEC_NO_RBAC is not set
4215	CONFIG_GRKERNSEC_ACL_HIDEKERN=y	4185	# CONFIG_GRKERNSEC_ACL_HIDEKERN is not set
4216	CONFIG_GRKERNSEC_ACL_MAXTRIES=3	4186	CONFIG_GRKERNSEC_ACL_MAXTRIES=3
4217	CONFIG_GRKERNSEC_ACL_TIMEOUT=30	4187	CONFIG_GRKERNSEC_ACL_TIMEOUT=30
4218		4188
4219	#	4189	#
4220	# Filesystem Protections	4190	# Filesystem Protections
4221	#	4191	#
4222	CONFIG_GRKERNSEC_PROC=y	4192	# CONFIG_GRKERNSEC_PROC is not set
4223	CONFIG_GRKERNSEC_PROC_USER=y	4193	# CONFIG_GRKERNSEC_LINK is not set
4224	CONFIG_GRKERNSEC_PROC_ADD=y	4194	# CONFIG_GRKERNSEC_SYMLINKOWN is not set
4225	CONFIG_GRKERNSEC_LINK=y	4195	# CONFIG_GRKERNSEC_FIFO is not set
4226	CONFIG_GRKERNSEC_SYMLINKOWN=y	4196	# CONFIG_GRKERNSEC_SYSFS_RESTRICT is not set
4227	CONFIG_GRKERNSEC_FIFO=y
4228	CONFIG_GRKERNSEC_SYSFS_RESTRICT=y
4229	# CONFIG_GRKERNSEC_ROFS is not set	4197	# CONFIG_GRKERNSEC_ROFS is not set
4230	CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL=y	4198	# CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL is not set
4231	CONFIG_GRKERNSEC_CHROOT=y	4199	# CONFIG_GRKERNSEC_CHROOT is not set
4232	CONFIG_GRKERNSEC_CHROOT_MOUNT=y
4233	CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
4234	CONFIG_GRKERNSEC_CHROOT_PIVOT=y
4235	CONFIG_GRKERNSEC_CHROOT_CHDIR=y
4236	CONFIG_GRKERNSEC_CHROOT_CHMOD=y
4237	CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
4238	CONFIG_GRKERNSEC_CHROOT_MKNOD=y
4239	CONFIG_GRKERNSEC_CHROOT_SHMAT=y
4240	CONFIG_GRKERNSEC_CHROOT_UNIX=y
4241	CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
4242	CONFIG_GRKERNSEC_CHROOT_NICE=y
4243	CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
4244	CONFIG_GRKERNSEC_CHROOT_RENAME=y
4245	CONFIG_GRKERNSEC_CHROOT_CAPS=y
4246	# CONFIG_GRKERNSEC_CHROOT_INITRD is not set
4247		4200
4248	#	4201	#
4249	# Kernel Auditing	4202	# Kernel Auditing
Lines 4259-4265 Link Here
4259	CONFIG_GRKERNSEC_FORKFAIL=y	4212	CONFIG_GRKERNSEC_FORKFAIL=y
4260	CONFIG_GRKERNSEC_TIME=y	4213	CONFIG_GRKERNSEC_TIME=y
4261	CONFIG_GRKERNSEC_PROC_IPADDR=y	4214	CONFIG_GRKERNSEC_PROC_IPADDR=y
4262	CONFIG_GRKERNSEC_RWXMAP_LOG=y
4263		4215
4264	#	4216	#
4265	# Executable Protections	4217	# Executable Protections