Jan Alexander Steffens
c189ce4263
Enable INIT_ON_ALLOC_DEFAULT_ON
...
https://outflux.net/blog/archives/2019/11/14/security-things-in-linux-v5-3/
2019-11-18 21:33:26 +00:00
Jan Alexander Steffens
cad3b7156f
5.3.11.1-1
2019-11-12 23:21:40 +00:00
Jan Alexander Steffens
44420b8b15
Disable full dynticks
2019-11-03 14:24:59 +00:00
Jan Alexander Steffens
aa190d3c60
Disable some stray Freescale audio modules
2019-11-03 14:24:58 +00:00
Jan Alexander Steffens
35f8455e06
FS#64302: Disable Google SMI
...
Crashes on various non-Google Chromebooks and Coreboot-using laptops
like Librem and reflashed ThinkPads.
2019-11-03 10:45:25 +00:00
Jan Alexander Steffens
a53987ae76
FS#63464: Disable Sound Open Firmware
...
We don't ship any firmware files (yet) and the drivers can be loaded
in preference to the SST drivers, which we do have firmware for.
2019-11-02 08:23:45 +00:00
Jan Alexander Steffens
b204fb2896
Disable CONFIG_RMI4_F54
...
The V4L touch device created is buggy, causing userspace applications
(PipeWire) to behave badly and even kernel panics when running
v4l2-compliance -t 0 -s 1
2019-10-31 15:11:37 +00:00
Jan Alexander Steffens
3f306c2e10
FS#55784 enable google modules
2019-10-19 14:01:12 +00:00
Jan Alexander Steffens
964e000a29
5.3.2.arch2-1
2019-10-04 00:16:59 +00:00
Jan Alexander Steffens
be16067dd6
Enable SUNRPC_DISABLE_INSECURE_ENCTYPES
2019-10-03 14:51:04 +00:00
Jan Alexander Steffens
bd82bdc99a
5.3.arch1-1
2019-09-16 04:19:09 +00:00
Jan Alexander Steffens
92f97e2c06
5.2.10.arch1-1
2019-08-25 18:27:22 +00:00
Jan Alexander Steffens
ec7e9200bb
5.2.5.arch1-1
2019-07-31 09:05:53 +00:00
Jan Alexander Steffens
c75fb07643
FS#62432: Disable FW_LOADER_USER_HELPER
2019-07-30 21:04:09 +00:00
Jan Alexander Steffens
439e5a0af4
5.2.2.arch1-1: Disable stackleak; shows up in perf as 6-7% overhead
2019-07-21 19:43:40 +00:00
Jan Alexander Steffens
53d0c2511a
5.2.1.arch1-1
2019-07-14 21:46:06 +00:00
Jan Alexander Steffens
e77150c276
Enable stackleak
2019-07-10 15:18:09 +00:00
Jan Alexander Steffens
0471ab33d5
5.2.arch2-1
2019-07-09 04:10:19 +00:00
Jan Alexander Steffens
c8269e7394
Update config
2019-06-24 07:28:51 +00:00
Jan Alexander Steffens
6621446c2d
5.1.8.arch1-1
2019-06-09 21:32:47 +00:00
Jan Alexander Steffens
10505f2f9b
Disable integrity, enable safesetid, only load yama by default
2019-05-07 20:04:22 +00:00
Jan Alexander Steffens
78a111327b
5.1.arch1-1
2019-05-06 23:33:26 +00:00
Jan Alexander Steffens
f84d330b5f
5.0.10.arch1-1
2019-04-27 22:09:22 +00:00
Jan Alexander Steffens
b16b08b24a
FS#42910: Enable TOMOYO and SMACK
2019-04-09 21:53:11 +00:00
Jan Alexander Steffens
bcf602c7ae
5.0.arch1-1
2019-03-04 15:36:14 +00:00
Jan Alexander Steffens
6d64c139ef
4.20.3.arch1-1
2019-01-17 00:31:30 +00:00
Jan Alexander Steffens
fdbdebf5f1
4.20.1.arch1-1
2019-01-10 04:59:02 +00:00
Jan Alexander Steffens
4810e21851
4.20.arch1-1
2018-12-24 04:08:00 +00:00
Jan Alexander Steffens
03525e64df
FS#60879: Enable CONFIG_IEEE802154_HWSIM
2018-12-09 23:10:36 +00:00
Jan Alexander Steffens
bb9d85deef
4.19.7.arch1-1
2018-12-05 21:55:32 +00:00
Jan Alexander Steffens
21df49f85d
4.19.3.arch1-1
2018-11-22 07:41:48 +00:00
Jan Alexander Steffens
9036d47c87
FS#53288: Add GVRP
2018-11-20 22:04:33 +00:00
Jan Alexander Steffens
d00e2383fc
4.19.2.arch1-1
2018-11-13 22:29:23 +00:00
Jan Alexander Steffens
b1f5dbdf27
4.19.1.arch1-1
2018-11-04 17:56:31 +00:00
Jan Alexander Steffens
b966f6d713
FS#60614: Enable Block-MQ by default
2018-11-04 16:36:58 +00:00
Jan Alexander Steffens
757573dfbc
FS#57408: Reenable 16-bit support
2018-11-03 08:52:15 +00:00
Jan Alexander Steffens
cf354551c2
Disable RANDOM_TRUST_CPU and IOMMU_DEBUGFS
2018-10-29 21:35:18 +00:00
Jan Alexander Steffens
19c2451141
FS#60520 Enable LEDS_SYSCON
2018-10-26 19:04:33 +00:00
Jan Alexander Steffens
4ce5aa26d4
4.19.arch1-1
2018-10-26 18:46:07 +00:00
Jan Alexander Steffens
aac6d414e3
FS#46505 Minimal config for USB serial console support
2018-10-26 12:06:56 +00:00
Jan Alexander Steffens
6e7f717f02
4.18.16.arch1-1: Build in VFIO for FS#46505
2018-10-20 22:05:36 +00:00
Jan Alexander Steffens
c11f879fad
FS#46505: USB Serial console support; build in USB keyboard support
2018-09-27 00:45:46 +00:00
Jan Alexander Steffens
3a29867f82
4.18.8.arch1-1
2018-09-15 22:53:00 +00:00
Jan Alexander Steffens
81fa94f9fc
Add module signatures (but don't require)
2018-09-12 17:25:54 +00:00
Jan Alexander Steffens
6b918f8941
FS#59833: Disable BPFILTER
2018-09-03 19:15:29 +00:00
Jan Alexander Steffens
2e347a387f
Revert "Enable TXT, SELinux and AppArmor"
...
All of these require significant userspace support. SELinux in
particular requires linking against its library in numerous places,
including coreutils. This makes making them available in the kernel of
dubious value. Still, AppArmor and SELinux are available in
linux-hardened for those who want it.
This reverts commit 8215d0422d37317bd154497a2240ebbdd14c131d.
2018-09-03 19:15:26 +00:00
Jan Alexander Steffens
304ce7dbcb
FS#59824: build in PC RTC driver
2018-08-31 07:05:30 +00:00
Jan Alexander Steffens
8ff0dbd8eb
Enable TXT, SELinux and AppArmor
2018-08-26 09:25:52 +00:00
Jan Alexander Steffens
30e994930b
4.18.1.arch1-1
2018-08-16 06:57:20 +00:00
Jan Alexander Steffens
7fa10dea65
4.18.arch1-1
2018-08-13 12:41:17 +00:00