Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-hardened

From: "Javier J. Martínez Cabezón" <tazok.id0@×××××.com>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] KVM & Gentoo Hardened
Date: Sun, 21 Dec 2008 16:59:53
Message-Id: 897813410812210859l246a993ds13fd740cb533decf@mail.gmail.com
In Reply to: Re: [gentoo-hardened] KVM & Gentoo Hardened by Sadako
1 Actually only the guest is in hardened sources, host is under debian
2 lenny. I send you the .config of the guest kernel.
3
4 #
5 # Automatically generated make config: don't edit
6 # Linux kernel version: 2.6.23.14
7 # Sat Dec 20 22:49:10 2008
8 #
9 CONFIG_X86_32=y
10 CONFIG_GENERIC_TIME=y
11 CONFIG_GENERIC_CMOS_UPDATE=y
12 CONFIG_CLOCKSOURCE_WATCHDOG=y
13 CONFIG_GENERIC_CLOCKEVENTS=y
14 CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y
15 CONFIG_LOCKDEP_SUPPORT=y
16 CONFIG_STACKTRACE_SUPPORT=y
17 CONFIG_SEMAPHORE_SLEEPERS=y
18 CONFIG_X86=y
19 CONFIG_MMU=y
20 CONFIG_ZONE_DMA=y
21 CONFIG_QUICKLIST=y
22 CONFIG_GENERIC_ISA_DMA=y
23 CONFIG_GENERIC_IOMAP=y
24 CONFIG_GENERIC_BUG=y
25 CONFIG_GENERIC_HWEIGHT=y
26 CONFIG_ARCH_MAY_HAVE_PC_FDC=y
27 CONFIG_DMI=y
28 CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"
29
30 #
31 # General setup
32 #
33 CONFIG_EXPERIMENTAL=y
34 CONFIG_BROKEN_ON_SMP=y
35 CONFIG_INIT_ENV_ARG_LIMIT=32
36 CONFIG_LOCALVERSION=""
37 CONFIG_LOCALVERSION_AUTO=y
38 CONFIG_SWAP=y
39 CONFIG_SYSVIPC=y
40 CONFIG_SYSVIPC_SYSCTL=y
41 CONFIG_POSIX_MQUEUE=y
42 # CONFIG_BSD_PROCESS_ACCT is not set
43 # CONFIG_TASKSTATS is not set
44 CONFIG_USER_NS=y
45 # CONFIG_AUDIT is not set
46 CONFIG_IKCONFIG=y
47 CONFIG_IKCONFIG_PROC=y
48 CONFIG_LOG_BUF_SHIFT=17
49 CONFIG_SYSFS_DEPRECATED=y
50 # CONFIG_RELAY is not set
51 CONFIG_BLK_DEV_INITRD=y
52 CONFIG_INITRAMFS_SOURCE=""
53 # CONFIG_CC_OPTIMIZE_FOR_SIZE is not set
54 CONFIG_SYSCTL=y
55 # CONFIG_EMBEDDED is not set
56 CONFIG_UID16=y
57 CONFIG_SYSCTL_SYSCALL=y
58 CONFIG_KALLSYMS=y
59 # CONFIG_KALLSYMS_EXTRA_PASS is not set
60 CONFIG_HOTPLUG=y
61 CONFIG_PRINTK=y
62 CONFIG_BUG=y
63 CONFIG_ELF_CORE=y
64 CONFIG_BASE_FULL=y
65 CONFIG_FUTEX=y
66 CONFIG_ANON_INODES=y
67 CONFIG_EPOLL=y
68 CONFIG_SIGNALFD=y
69 CONFIG_EVENTFD=y
70 CONFIG_SHMEM=y
71 CONFIG_VM_EVENT_COUNTERS=y
72 CONFIG_SLAB=y
73 # CONFIG_SLUB is not set
74 # CONFIG_SLOB is not set
75 CONFIG_RT_MUTEXES=y
76 # CONFIG_TINY_SHMEM is not set
77 CONFIG_BASE_SMALL=0
78 # CONFIG_MODULES is not set
79 CONFIG_BLOCK=y
80 # CONFIG_LBD is not set
81 # CONFIG_BLK_DEV_IO_TRACE is not set
82 # CONFIG_LSF is not set
83 # CONFIG_BLK_DEV_BSG is not set
84
85 #
86 # IO Schedulers
87 #
88 CONFIG_IOSCHED_NOOP=y
89 CONFIG_IOSCHED_AS=y
90 CONFIG_IOSCHED_DEADLINE=y
91 CONFIG_IOSCHED_CFQ=y
92 CONFIG_DEFAULT_AS=y
93 # CONFIG_DEFAULT_DEADLINE is not set
94 # CONFIG_DEFAULT_CFQ is not set
95 # CONFIG_DEFAULT_NOOP is not set
96 CONFIG_DEFAULT_IOSCHED="anticipatory"
97
98 #
99 # Processor type and features
100 #
101 CONFIG_TICK_ONESHOT=y
102 # CONFIG_NO_HZ is not set
103 CONFIG_HIGH_RES_TIMERS=y
104 # CONFIG_SMP is not set
105 CONFIG_X86_PC=y
106 # CONFIG_X86_ELAN is not set
107 # CONFIG_X86_VOYAGER is not set
108 # CONFIG_X86_NUMAQ is not set
109 # CONFIG_X86_SUMMIT is not set
110 # CONFIG_X86_BIGSMP is not set
111 # CONFIG_X86_VISWS is not set
112 # CONFIG_X86_GENERICARCH is not set
113 # CONFIG_X86_ES7000 is not set
114 # CONFIG_PARAVIRT is not set
115 CONFIG_M386=y
116 # CONFIG_M486 is not set
117 # CONFIG_M586 is not set
118 # CONFIG_M586TSC is not set
119 # CONFIG_M586MMX is not set
120 # CONFIG_M686 is not set
121 # CONFIG_MPENTIUMII is not set
122 # CONFIG_MPENTIUMIII is not set
123 # CONFIG_MPENTIUMM is not set
124 # CONFIG_MCORE2 is not set
125 # CONFIG_MPENTIUM4 is not set
126 # CONFIG_MK6 is not set
127 # CONFIG_MK7 is not set
128 # CONFIG_MK8 is not set
129 # CONFIG_MCRUSOE is not set
130 # CONFIG_MEFFICEON is not set
131 # CONFIG_MWINCHIPC6 is not set
132 # CONFIG_MWINCHIP2 is not set
133 # CONFIG_MWINCHIP3D is not set
134 # CONFIG_MGEODEGX1 is not set
135 # CONFIG_MGEODE_LX is not set
136 # CONFIG_MCYRIXIII is not set
137 # CONFIG_MVIAC3_2 is not set
138 # CONFIG_MVIAC7 is not set
139 CONFIG_X86_GENERIC=y
140 CONFIG_X86_L1_CACHE_SHIFT=7
141 CONFIG_RWSEM_GENERIC_SPINLOCK=y
142 # CONFIG_ARCH_HAS_ILOG2_U32 is not set
143 # CONFIG_ARCH_HAS_ILOG2_U64 is not set
144 CONFIG_GENERIC_CALIBRATE_DELAY=y
145 CONFIG_X86_PPRO_FENCE=y
146 CONFIG_X86_F00F_BUG=y
147 CONFIG_X86_INTEL_USERCOPY=y
148 CONFIG_X86_MINIMUM_CPU_FAMILY=3
149 CONFIG_HPET_TIMER=y
150 CONFIG_HPET_EMULATE_RTC=y
151 # CONFIG_PREEMPT_NONE is not set
152 CONFIG_PREEMPT_VOLUNTARY=y
153 # CONFIG_PREEMPT is not set
154 CONFIG_X86_UP_APIC=y
155 CONFIG_X86_UP_IOAPIC=y
156 CONFIG_X86_LOCAL_APIC=y
157 CONFIG_X86_IO_APIC=y
158 CONFIG_X86_MCE=y
159 CONFIG_X86_MCE_NONFATAL=y
160 # CONFIG_X86_MCE_P4THERMAL is not set
161 CONFIG_VM86=y
162 # CONFIG_TOSHIBA is not set
163 # CONFIG_I8K is not set
164 CONFIG_X86_REBOOTFIXUPS=y
165 # CONFIG_MICROCODE is not set
166 # CONFIG_X86_MSR is not set
167 # CONFIG_X86_CPUID is not set
168
169 #
170 # Firmware Drivers
171 #
172 # CONFIG_EDD is not set
173 # CONFIG_DELL_RBU is not set
174 # CONFIG_DCDBAS is not set
175 # CONFIG_DMIID is not set
176 # CONFIG_NOHIGHMEM is not set
177 CONFIG_HIGHMEM4G=y
178 # CONFIG_HIGHMEM64G is not set
179 CONFIG_PAGE_OFFSET=0xC0000000
180 CONFIG_HIGHMEM=y
181 CONFIG_ARCH_FLATMEM_ENABLE=y
182 CONFIG_ARCH_SPARSEMEM_ENABLE=y
183 CONFIG_ARCH_SELECT_MEMORY_MODEL=y
184 CONFIG_ARCH_POPULATES_NODE_MAP=y
185 CONFIG_SELECT_MEMORY_MODEL=y
186 CONFIG_FLATMEM_MANUAL=y
187 # CONFIG_DISCONTIGMEM_MANUAL is not set
188 # CONFIG_SPARSEMEM_MANUAL is not set
189 CONFIG_FLATMEM=y
190 CONFIG_FLAT_NODE_MEM_MAP=y
191 CONFIG_SPARSEMEM_STATIC=y
192 CONFIG_SPLIT_PTLOCK_CPUS=4
193 CONFIG_RESOURCES_64BIT=y
194 CONFIG_ZONE_DMA_FLAG=1
195 CONFIG_BOUNCE=y
196 CONFIG_NR_QUICK=1
197 CONFIG_VIRT_TO_BUS=y
198 # CONFIG_HIGHPTE is not set
199 # CONFIG_MATH_EMULATION is not set
200 # CONFIG_MTRR is not set
201 # CONFIG_SECCOMP is not set
202 # CONFIG_HZ_100 is not set
203 CONFIG_HZ_250=y
204 # CONFIG_HZ_300 is not set
205 # CONFIG_HZ_1000 is not set
206 CONFIG_HZ=250
207 # CONFIG_KEXEC is not set
208 # CONFIG_CRASH_DUMP is not set
209 CONFIG_PHYSICAL_START=0x200000
210 # CONFIG_RELOCATABLE is not set
211 CONFIG_PHYSICAL_ALIGN=0x100000
212 # CONFIG_COMPAT_VDSO is not set
213
214 #
215 # Rule Set Based Access Control (RSBAC)
216 #
217 CONFIG_RSBAC=y
218
219 #
220 # General RSBAC options
221 #
222 CONFIG_RSBAC_INIT_THREAD=y
223 CONFIG_RSBAC_MAX_INIT_TIME=10
224 CONFIG_RSBAC_PROC=y
225 CONFIG_RSBAC_INIT_CHECK=y
226 # CONFIG_RSBAC_NO_WRITE is not set
227 # CONFIG_RSBAC_MSDOS_WRITE is not set
228 CONFIG_RSBAC_AUTO_WRITE=5
229 CONFIG_RSBAC_LIST_MAX_HASHES=128
230 CONFIG_RSBAC_LIST_CHECK_INTERVAL=1800
231 CONFIG_RSBAC_LIST_TRANS=y
232 CONFIG_RSBAC_LIST_TRANS_MAX_TTL=3600
233 CONFIG_RSBAC_LIST_TRANS_RANDOM_TA=y
234 CONFIG_RSBAC_FD_CACHE=y
235 CONFIG_RSBAC_FD_CACHE_TTL=1800
236 CONFIG_RSBAC_FD_CACHE_MAX_ITEMS=2000
237 CONFIG_RSBAC_DEBUG=y
238 CONFIG_RSBAC_DEV_USER_BACKUP=y
239 CONFIG_RSBAC_SECOFF_UID=666
240 CONFIG_RSBAC_INIT_DELAY=y
241 CONFIG_RSBAC_GEN_NR_P_LISTS=4
242
243 #
244 # User Management
245 #
246 CONFIG_RSBAC_UM=y
247 CONFIG_RSBAC_UM_DIGEST=y
248 CONFIG_RSBAC_UM_USER_MIN=2000
249 CONFIG_RSBAC_UM_GROUP_MIN=2000
250 # CONFIG_RSBAC_UM_EXCL is not set
251 CONFIG_RSBAC_UM_MIN_PASS_LEN=6
252 CONFIG_RSBAC_UM_NON_ALPHA=y
253 CONFIG_RSBAC_UM_PWHISTORY=y
254 CONFIG_RSBAC_UM_PWHISTORY_MAX=8
255
256 #
257 # RSBAC networking options
258 #
259 CONFIG_RSBAC_NET=y
260 CONFIG_RSBAC_NET_DEV=y
261 CONFIG_RSBAC_NET_DEV_VIRT=y
262 CONFIG_RSBAC_IND_NETDEV_LOG=y
263 CONFIG_RSBAC_NET_OBJ=y
264 CONFIG_RSBAC_NET_OBJ_RW=y
265 CONFIG_RSBAC_IND_NETOBJ_LOG=y
266
267 #
268 # -------------------------
269 #
270 # CONFIG_RSBAC_MAINT is not set
271
272 #
273 # -------------------------
274 #
275
276 #
277 # Decision module (policy) options
278 #
279 # CONFIG_RSBAC_REG is not set
280
281 #
282 # -------------------------
283 #
284 CONFIG_RSBAC_AUTH=y
285
286 #
287 # AUTH Policy Options
288 #
289 CONFIG_RSBAC_AUTH_AUTH_PROT=y
290 CONFIG_RSBAC_AUTH_OTHER_PROT=y
291 CONFIG_RSBAC_AUTH_UM_PROT=y
292 CONFIG_RSBAC_AUTH_DAC_OWNER=y
293 # CONFIG_RSBAC_AUTH_ALLOW_SAME is not set
294 CONFIG_RSBAC_AUTH_GROUP=y
295 CONFIG_RSBAC_AUTH_DAC_GROUP=y
296 CONFIG_RSBAC_AUTH_LEARN=y
297 CONFIG_RSBAC_RC=y
298
299 #
300 # RC Policy Options
301 #
302 CONFIG_RSBAC_RC_AUTH_PROT=y
303 CONFIG_RSBAC_RC_UM_PROT=y
304 CONFIG_RSBAC_RC_GEN_PROT=y
305 CONFIG_RSBAC_RC_BACKUP=y
306 CONFIG_RSBAC_RC_NET_DEV_PROT=y
307 CONFIG_RSBAC_RC_NET_OBJ_PROT=y
308 CONFIG_RSBAC_RC_NET_OBJ_UNIX_PROCESS=y
309 CONFIG_RSBAC_RC_NR_P_LISTS=8
310 CONFIG_RSBAC_RC_KERNEL_PROCESS_TYPE=999999
311 CONFIG_RSBAC_ACL=y
312
313 #
314 # ACL Policy Options
315 #
316 CONFIG_RSBAC_ACL_SUPER_FILTER=y
317 CONFIG_RSBAC_ACL_AUTH_PROT=y
318 CONFIG_RSBAC_ACL_UM_PROT=y
319 CONFIG_RSBAC_ACL_GEN_PROT=y
320 CONFIG_RSBAC_ACL_BACKUP=y
321 CONFIG_RSBAC_ACL_LEARN=y
322 CONFIG_RSBAC_ACL_NET_DEV_PROT=y
323 CONFIG_RSBAC_ACL_NET_OBJ_PROT=y
324 # CONFIG_RSBAC_MAC is not set
325 CONFIG_RSBAC_PAX=y
326
327 #
328 # PAX Policy Options
329 #
330 CONFIG_RSBAC_PAX_DEFAULT=y
331 CONFIG_RSBAC_PAX_PAGEEXEC=y
332 # CONFIG_RSBAC_PAX_EMUTRAMP is not set
333 CONFIG_RSBAC_PAX_MPROTECT=y
334 CONFIG_RSBAC_PAX_RANDMMAP=y
335 CONFIG_RSBAC_PAX_RANDEXEC=y
336 CONFIG_RSBAC_PAX_SEGMEXEC=y
337 # CONFIG_RSBAC_DAZ is not set
338 CONFIG_RSBAC_CAP=y
339
340 #
341 # CAP Policy Options
342 #
343 CONFIG_RSBAC_CAP_PROC_HIDE=y
344 CONFIG_RSBAC_CAP_AUTH_PROT=y
345 CONFIG_RSBAC_CAP_LOG_MISSING=y
346 CONFIG_RSBAC_JAIL=y
347
348 #
349 # JAIL Policy Options
350 #
351 CONFIG_RSBAC_JAIL_NET_ADJUST=y
352 CONFIG_RSBAC_JAIL_NET_DEV_PROT=y
353 CONFIG_RSBAC_JAIL_NR_P_LISTS=4
354 CONFIG_RSBAC_JAIL_LOG_MISSING=y
355 CONFIG_RSBAC_RES=y
356 # CONFIG_RSBAC_FF is not set
357 # CONFIG_RSBAC_PM is not set
358
359 #
360 # ----------------
361 #
362
363 #
364 # Softmode and switching
365 #
366 CONFIG_RSBAC_SOFTMODE=y
367 # CONFIG_RSBAC_SOFTMODE_SYSRQ is not set
368 CONFIG_RSBAC_SOFTMODE_IND=y
369 CONFIG_RSBAC_SWITCH=y
370 CONFIG_RSBAC_SWITCH_ON=y
371 CONFIG_RSBAC_SWITCH_AUTH=y
372 CONFIG_RSBAC_SWITCH_RC=y
373 CONFIG_RSBAC_SWITCH_ACL=y
374 CONFIG_RSBAC_SWITCH_PAX=y
375 CONFIG_RSBAC_SWITCH_CAP=y
376 CONFIG_RSBAC_SWITCH_JAIL=y
377 CONFIG_RSBAC_SWITCH_RES=y
378
379 #
380 # Logging
381 #
382 CONFIG_RSBAC_IND_LOG=y
383 CONFIG_RSBAC_IND_USER_LOG=y
384 CONFIG_RSBAC_IND_PROG_LOG=y
385 CONFIG_RSBAC_LOG_PROGRAM_FILE=y
386 CONFIG_RSBAC_LOG_FULL_PATH=y
387 CONFIG_RSBAC_MAX_PATH_LEN=512
388 # CONFIG_RSBAC_LOG_PSEUDO is not set
389 CONFIG_RSBAC_SYSLOG_RATE=y
390 CONFIG_RSBAC_SYSLOG_RATE_DEF=1000
391 CONFIG_RSBAC_RMSG=y
392 CONFIG_RSBAC_RMSG_MAXENTRIES=200
393 CONFIG_RSBAC_RMSG_NOSYSLOG=y
394
395 #
396 # ----------------
397 #
398 # CONFIG_RSBAC_LOG_REMOTE is not set
399 CONFIG_RSBAC_SYM_REDIR=y
400 CONFIG_RSBAC_SYM_REDIR_REMOTE_IP=y
401 CONFIG_RSBAC_SYM_REDIR_UID=y
402 CONFIG_RSBAC_SYM_REDIR_RC=y
403 # CONFIG_RSBAC_ALLOW_DAC_DISABLE is not set
404
405 #
406 # Other RSBAC options
407 #
408 CONFIG_RSBAC_SECDEL=y
409 CONFIG_RSBAC_RW=y
410 CONFIG_RSBAC_IPC_SEM=y
411 CONFIG_RSBAC_DAC_OWNER=y
412 CONFIG_RSBAC_DAC_GROUP=y
413 CONFIG_RSBAC_PROC_HIDE=y
414 CONFIG_RSBAC_FSOBJ_HIDE=y
415 # CONFIG_RSBAC_FREEZE is not set
416 CONFIG_RSBAC_SYSLOG=y
417 CONFIG_RSBAC_IOCTL=y
418 CONFIG_RSBAC_USER_CHOWN=y
419 CONFIG_RSBAC_DAT_VISIBLE=y
420 # CONFIG_RSBAC_NO_DECISION_ON_NETMOUNT is not set
421 # CONFIG_RSBAC_USER_MOD_IOPERM is not set
422 CONFIG_RSBAC_FAKE_ROOT_UID=y
423 CONFIG_RSBAC_XSTATS=y
424 CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
425
426 #
427 # Power management options (ACPI, APM)
428 #
429 # CONFIG_PM is not set
430 CONFIG_SUSPEND_UP_POSSIBLE=y
431 CONFIG_HIBERNATION_UP_POSSIBLE=y
432
433 #
434 # CPU Frequency scaling
435 #
436 # CONFIG_CPU_FREQ is not set
437
438 #
439 # Bus options (PCI, PCMCIA, EISA, MCA, ISA)
440 #
441 CONFIG_PCI=y
442 # CONFIG_PCI_GOBIOS is not set
443 # CONFIG_PCI_GOMMCONFIG is not set
444 # CONFIG_PCI_GODIRECT is not set
445 CONFIG_PCI_GOANY=y
446 CONFIG_PCI_BIOS=y
447 CONFIG_PCI_DIRECT=y
448 CONFIG_PCIEPORTBUS=y
449 CONFIG_PCIEAER=y
450 CONFIG_ARCH_SUPPORTS_MSI=y
451 # CONFIG_PCI_MSI is not set
452 CONFIG_HT_IRQ=y
453 CONFIG_ISA_DMA_API=y
454 # CONFIG_ISA is not set
455 # CONFIG_MCA is not set
456 # CONFIG_SCx200 is not set
457
458 #
459 # PCCARD (PCMCIA/CardBus) support
460 #
461 # CONFIG_PCCARD is not set
462 # CONFIG_HOTPLUG_PCI is not set
463
464 #
465 # Executable file formats
466 #
467 CONFIG_BINFMT_ELF=y
468 # CONFIG_BINFMT_AOUT is not set
469 # CONFIG_BINFMT_MISC is not set
470
471 #
472 # Networking
473 #
474 CONFIG_NET=y
475
476 #
477 # Networking options
478 #
479 CONFIG_PACKET=y
480 # CONFIG_PACKET_MMAP is not set
481 CONFIG_UNIX=y
482 # CONFIG_NET_KEY is not set
483 CONFIG_INET=y
484 CONFIG_IP_MULTICAST=y
485 CONFIG_IP_ADVANCED_ROUTER=y
486 CONFIG_ASK_IP_FIB_HASH=y
487 # CONFIG_IP_FIB_TRIE is not set
488 CONFIG_IP_FIB_HASH=y
489 # CONFIG_IP_MULTIPLE_TABLES is not set
490 # CONFIG_IP_ROUTE_MULTIPATH is not set
491 # CONFIG_IP_ROUTE_VERBOSE is not set
492 # CONFIG_IP_PNP is not set
493 # CONFIG_NET_IPIP is not set
494 # CONFIG_NET_IPGRE is not set
495 # CONFIG_IP_MROUTE is not set
496 # CONFIG_ARPD is not set
497 # CONFIG_SYN_COOKIES is not set
498 # CONFIG_INET_AH is not set
499 # CONFIG_INET_ESP is not set
500 # CONFIG_INET_IPCOMP is not set
501 # CONFIG_INET_XFRM_TUNNEL is not set
502 # CONFIG_INET_TUNNEL is not set
503 # CONFIG_INET_XFRM_MODE_TRANSPORT is not set
504 # CONFIG_INET_XFRM_MODE_TUNNEL is not set
505 # CONFIG_INET_XFRM_MODE_BEET is not set
506 CONFIG_INET_DIAG=y
507 CONFIG_INET_TCP_DIAG=y
508 # CONFIG_TCP_CONG_ADVANCED is not set
509 CONFIG_TCP_CONG_CUBIC=y
510 CONFIG_DEFAULT_TCP_CONG="cubic"
511 # CONFIG_TCP_MD5SIG is not set
512 # CONFIG_IP_VS is not set
513 # CONFIG_IPV6 is not set
514 # CONFIG_INET6_XFRM_TUNNEL is not set
515 # CONFIG_INET6_TUNNEL is not set
516 # CONFIG_NETWORK_SECMARK is not set
517 CONFIG_NETFILTER=y
518 CONFIG_NETFILTER_DEBUG=y
519
520 #
521 # Core Netfilter Configuration
522 #
523 CONFIG_NETFILTER_NETLINK=y
524 CONFIG_NETFILTER_NETLINK_QUEUE=y
525 CONFIG_NETFILTER_NETLINK_LOG=y
526 CONFIG_NF_CONNTRACK_ENABLED=y
527 CONFIG_NF_CONNTRACK=y
528 CONFIG_NF_CT_ACCT=y
529 CONFIG_NF_CONNTRACK_MARK=y
530 CONFIG_NF_CONNTRACK_EVENTS=y
531 # CONFIG_NF_CT_PROTO_SCTP is not set
532 CONFIG_NF_CT_PROTO_UDPLITE=y
533 # CONFIG_NF_CONNTRACK_AMANDA is not set
534 CONFIG_NF_CONNTRACK_FTP=y
535 # CONFIG_NF_CONNTRACK_H323 is not set
536 CONFIG_NF_CONNTRACK_IRC=y
537 # CONFIG_NF_CONNTRACK_NETBIOS_NS is not set
538 # CONFIG_NF_CONNTRACK_PPTP is not set
539 # CONFIG_NF_CONNTRACK_SANE is not set
540 # CONFIG_NF_CONNTRACK_SIP is not set
541 # CONFIG_NF_CONNTRACK_TFTP is not set
542 CONFIG_NF_CT_NETLINK=y
543 CONFIG_NETFILTER_XTABLES=y
544 CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
545 # CONFIG_NETFILTER_XT_TARGET_CONNMARK is not set
546 # CONFIG_NETFILTER_XT_TARGET_DSCP is not set
547 CONFIG_NETFILTER_XT_TARGET_MARK=y
548 CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
549 CONFIG_NETFILTER_XT_TARGET_NFLOG=y
550 # CONFIG_NETFILTER_XT_TARGET_NOTRACK is not set
551 CONFIG_NETFILTER_XT_TARGET_TRACE=y
552 CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
553 CONFIG_NETFILTER_XT_MATCH_COMMENT=y
554 CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
555 CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y
556 CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
557 CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
558 CONFIG_NETFILTER_XT_MATCH_DCCP=y
559 CONFIG_NETFILTER_XT_MATCH_DSCP=y
560 CONFIG_NETFILTER_XT_MATCH_ESP=y
561 CONFIG_NETFILTER_XT_MATCH_HELPER=y
562 CONFIG_NETFILTER_XT_MATCH_LENGTH=y
563 CONFIG_NETFILTER_XT_MATCH_LIMIT=y
564 CONFIG_NETFILTER_XT_MATCH_MAC=y
565 CONFIG_NETFILTER_XT_MATCH_MARK=y
566 CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
567 CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
568 CONFIG_NETFILTER_XT_MATCH_QUOTA=y
569 CONFIG_NETFILTER_XT_MATCH_REALM=y
570 CONFIG_NETFILTER_XT_MATCH_SCTP=y
571 CONFIG_NETFILTER_XT_MATCH_STATE=y
572 CONFIG_NETFILTER_XT_MATCH_STATISTIC=y
573 CONFIG_NETFILTER_XT_MATCH_STRING=y
574 CONFIG_NETFILTER_XT_MATCH_TCPMSS=y
575 CONFIG_NETFILTER_XT_MATCH_U32=y
576 CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y
577
578 #
579 # IP: Netfilter Configuration
580 #
581 CONFIG_NF_CONNTRACK_IPV4=y
582 CONFIG_NF_CONNTRACK_PROC_COMPAT=y
583 CONFIG_IP_NF_QUEUE=y
584 CONFIG_IP_NF_IPTABLES=y
585 CONFIG_IP_NF_MATCH_IPRANGE=y
586 CONFIG_IP_NF_MATCH_TOS=y
587 CONFIG_IP_NF_MATCH_RECENT=y
588 CONFIG_IP_NF_MATCH_ECN=y
589 CONFIG_IP_NF_MATCH_AH=y
590 CONFIG_IP_NF_MATCH_TTL=y
591 CONFIG_IP_NF_MATCH_OWNER=y
592 CONFIG_IP_NF_MATCH_ADDRTYPE=y
593 CONFIG_IP_NF_FILTER=y
594 CONFIG_IP_NF_TARGET_REJECT=y
595 CONFIG_IP_NF_TARGET_LOG=y
596 CONFIG_IP_NF_TARGET_ULOG=y
597 CONFIG_NF_NAT=y
598 CONFIG_NF_NAT_NEEDED=y
599 CONFIG_IP_NF_TARGET_MASQUERADE=y
600 CONFIG_IP_NF_TARGET_REDIRECT=y
601 CONFIG_IP_NF_TARGET_NETMAP=y
602 CONFIG_IP_NF_TARGET_SAME=y
603 CONFIG_NF_NAT_SNMP_BASIC=y
604 CONFIG_NF_NAT_FTP=y
605 CONFIG_NF_NAT_IRC=y
606 # CONFIG_NF_NAT_TFTP is not set
607 # CONFIG_NF_NAT_AMANDA is not set
608 # CONFIG_NF_NAT_PPTP is not set
609 # CONFIG_NF_NAT_H323 is not set
610 # CONFIG_NF_NAT_SIP is not set
611 CONFIG_IP_NF_MANGLE=y
612 CONFIG_IP_NF_TARGET_TOS=y
613 CONFIG_IP_NF_TARGET_ECN=y
614 CONFIG_IP_NF_TARGET_TTL=y
615 CONFIG_IP_NF_TARGET_CLUSTERIP=y
616 CONFIG_IP_NF_RAW=y
617 CONFIG_IP_NF_ARPTABLES=y
618 CONFIG_IP_NF_ARPFILTER=y
619 CONFIG_IP_NF_ARP_MANGLE=y
620 # CONFIG_IP_DCCP is not set
621 # CONFIG_IP_SCTP is not set
622 # CONFIG_TIPC is not set
623 # CONFIG_ATM is not set
624 # CONFIG_BRIDGE is not set
625 # CONFIG_VLAN_8021Q is not set
626 # CONFIG_DECNET is not set
627 # CONFIG_LLC2 is not set
628 # CONFIG_IPX is not set
629 # CONFIG_ATALK is not set
630 # CONFIG_X25 is not set
631 # CONFIG_LAPB is not set
632 # CONFIG_ECONET is not set
633 # CONFIG_WAN_ROUTER is not set
634
635 #
636 # QoS and/or fair queueing
637 #
638 # CONFIG_NET_SCHED is not set
639 CONFIG_NET_CLS_ROUTE=y
640
641 #
642 # Network testing
643 #
644 # CONFIG_NET_PKTGEN is not set
645 # CONFIG_HAMRADIO is not set
646 # CONFIG_IRDA is not set
647 # CONFIG_BT is not set
648 # CONFIG_AF_RXRPC is not set
649
650 #
651 # Wireless
652 #
653 # CONFIG_CFG80211 is not set
654 # CONFIG_WIRELESS_EXT is not set
655 # CONFIG_MAC80211 is not set
656 # CONFIG_IEEE80211 is not set
657 # CONFIG_RFKILL is not set
658 # CONFIG_NET_9P is not set
659
660 #
661 # Device Drivers
662 #
663
664 #
665 # Generic Driver Options
666 #
667 CONFIG_STANDALONE=y
668 CONFIG_PREVENT_FIRMWARE_BUILD=y
669 # CONFIG_FW_LOADER is not set
670 # CONFIG_SYS_HYPERVISOR is not set
671 # CONFIG_CONNECTOR is not set
672 # CONFIG_MTD is not set
673 # CONFIG_PARPORT is not set
674 CONFIG_BLK_DEV=y
675 # CONFIG_BLK_DEV_FD is not set
676 # CONFIG_BLK_CPQ_DA is not set
677 # CONFIG_BLK_CPQ_CISS_DA is not set
678 # CONFIG_BLK_DEV_DAC960 is not set
679 # CONFIG_BLK_DEV_UMEM is not set
680 # CONFIG_BLK_DEV_COW_COMMON is not set
681 CONFIG_BLK_DEV_LOOP=y
682 CONFIG_BLK_DEV_CRYPTOLOOP=y
683 # CONFIG_BLK_DEV_NBD is not set
684 # CONFIG_BLK_DEV_SX8 is not set
685 CONFIG_BLK_DEV_RAM=y
686 CONFIG_BLK_DEV_RAM_COUNT=16
687 CONFIG_BLK_DEV_RAM_SIZE=4096
688 CONFIG_BLK_DEV_RAM_BLOCKSIZE=1024
689 # CONFIG_CDROM_PKTCDVD is not set
690 # CONFIG_ATA_OVER_ETH is not set
691 # CONFIG_MISC_DEVICES is not set
692 CONFIG_IDE=y
693 CONFIG_BLK_DEV_IDE=y
694
695 #
696 # Please see Documentation/ide.txt for help/info on IDE drives
697 #
698 # CONFIG_BLK_DEV_IDE_SATA is not set
699 # CONFIG_BLK_DEV_HD_IDE is not set
700 CONFIG_BLK_DEV_IDEDISK=y
701 CONFIG_IDEDISK_MULTI_MODE=y
702 CONFIG_BLK_DEV_IDECD=y
703 # CONFIG_BLK_DEV_IDETAPE is not set
704 # CONFIG_BLK_DEV_IDEFLOPPY is not set
705 # CONFIG_BLK_DEV_IDESCSI is not set
706 # CONFIG_IDE_TASK_IOCTL is not set
707 CONFIG_IDE_PROC_FS=y
708
709 #
710 # IDE chipset support/bugfixes
711 #
712 CONFIG_IDE_GENERIC=y
713 # CONFIG_BLK_DEV_CMD640 is not set
714 CONFIG_BLK_DEV_IDEPCI=y
715 CONFIG_IDEPCI_SHARE_IRQ=y
716 CONFIG_IDEPCI_PCIBUS_ORDER=y
717 # CONFIG_BLK_DEV_OFFBOARD is not set
718 CONFIG_BLK_DEV_GENERIC=y
719 # CONFIG_BLK_DEV_OPTI621 is not set
720 # CONFIG_BLK_DEV_RZ1000 is not set
721 CONFIG_BLK_DEV_IDEDMA_PCI=y
722 # CONFIG_BLK_DEV_IDEDMA_FORCED is not set
723 # CONFIG_IDEDMA_ONLYDISK is not set
724 # CONFIG_BLK_DEV_AEC62XX is not set
725 # CONFIG_BLK_DEV_ALI15X3 is not set
726 # CONFIG_BLK_DEV_AMD74XX is not set
727 # CONFIG_BLK_DEV_ATIIXP is not set
728 # CONFIG_BLK_DEV_CMD64X is not set
729 # CONFIG_BLK_DEV_TRIFLEX is not set
730 # CONFIG_BLK_DEV_CY82C693 is not set
731 # CONFIG_BLK_DEV_CS5520 is not set
732 # CONFIG_BLK_DEV_CS5530 is not set
733 # CONFIG_BLK_DEV_CS5535 is not set
734 # CONFIG_BLK_DEV_HPT34X is not set
735 # CONFIG_BLK_DEV_HPT366 is not set
736 # CONFIG_BLK_DEV_JMICRON is not set
737 # CONFIG_BLK_DEV_SC1200 is not set
738 CONFIG_BLK_DEV_PIIX=y
739 # CONFIG_BLK_DEV_IT8213 is not set
740 # CONFIG_BLK_DEV_IT821X is not set
741 # CONFIG_BLK_DEV_NS87415 is not set
742 # CONFIG_BLK_DEV_PDC202XX_OLD is not set
743 # CONFIG_BLK_DEV_PDC202XX_NEW is not set
744 # CONFIG_BLK_DEV_SVWKS is not set
745 # CONFIG_BLK_DEV_SIIMAGE is not set
746 # CONFIG_BLK_DEV_SIS5513 is not set
747 # CONFIG_BLK_DEV_SLC90E66 is not set
748 # CONFIG_BLK_DEV_TRM290 is not set
749 # CONFIG_BLK_DEV_VIA82CXXX is not set
750 # CONFIG_BLK_DEV_TC86C001 is not set
751 # CONFIG_IDE_ARM is not set
752 CONFIG_BLK_DEV_IDEDMA=y
753 # CONFIG_IDEDMA_IVB is not set
754 # CONFIG_BLK_DEV_HD is not set
755
756 #
757 # SCSI device support
758 #
759 # CONFIG_RAID_ATTRS is not set
760 CONFIG_SCSI=y
761 CONFIG_SCSI_DMA=y
762 # CONFIG_SCSI_TGT is not set
763 # CONFIG_SCSI_NETLINK is not set
764 # CONFIG_SCSI_PROC_FS is not set
765
766 #
767 # SCSI support type (disk, tape, CD-ROM)
768 #
769 # CONFIG_BLK_DEV_SD is not set
770 # CONFIG_CHR_DEV_ST is not set
771 # CONFIG_CHR_DEV_OSST is not set
772 # CONFIG_BLK_DEV_SR is not set
773 # CONFIG_CHR_DEV_SG is not set
774 # CONFIG_CHR_DEV_SCH is not set
775
776 #
777 # Some SCSI devices (e.g. CD jukebox) support multiple LUNs
778 #
779 # CONFIG_SCSI_MULTI_LUN is not set
780 # CONFIG_SCSI_CONSTANTS is not set
781 # CONFIG_SCSI_LOGGING is not set
782 # CONFIG_SCSI_SCAN_ASYNC is not set
783
784 #
785 # SCSI Transports
786 #
787 # CONFIG_SCSI_SPI_ATTRS is not set
788 # CONFIG_SCSI_FC_ATTRS is not set
789 # CONFIG_SCSI_ISCSI_ATTRS is not set
790 # CONFIG_SCSI_SAS_LIBSAS is not set
791 # CONFIG_SCSI_LOWLEVEL is not set
792 # CONFIG_ATA is not set
793 CONFIG_MD=y
794 # CONFIG_BLK_DEV_MD is not set
795 CONFIG_BLK_DEV_DM=y
796 # CONFIG_DM_DEBUG is not set
797 CONFIG_DM_CRYPT=y
798 CONFIG_DM_SNAPSHOT=y
799 CONFIG_DM_MIRROR=y
800 CONFIG_DM_ZERO=y
801 CONFIG_DM_MULTIPATH=y
802 # CONFIG_DM_MULTIPATH_EMC is not set
803 # CONFIG_DM_MULTIPATH_RDAC is not set
804 # CONFIG_DM_DELAY is not set
805
806 #
807 # Fusion MPT device support
808 #
809 # CONFIG_FUSION is not set
810 # CONFIG_FUSION_SPI is not set
811 # CONFIG_FUSION_FC is not set
812 # CONFIG_FUSION_SAS is not set
813
814 #
815 # IEEE 1394 (FireWire) support
816 #
817 # CONFIG_FIREWIRE is not set
818 # CONFIG_IEEE1394 is not set
819 # CONFIG_I2O is not set
820 # CONFIG_MACINTOSH_DRIVERS is not set
821 CONFIG_NETDEVICES=y
822 # CONFIG_NETDEVICES_MULTIQUEUE is not set
823 # CONFIG_DUMMY is not set
824 # CONFIG_BONDING is not set
825 # CONFIG_MACVLAN is not set
826 # CONFIG_EQUALIZER is not set
827 # CONFIG_TUN is not set
828 # CONFIG_ARCNET is not set
829 # CONFIG_PHYLIB is not set
830 CONFIG_NET_ETHERNET=y
831 CONFIG_MII=y
832 # CONFIG_HAPPYMEAL is not set
833 # CONFIG_SUNGEM is not set
834 # CONFIG_CASSINI is not set
835 # CONFIG_NET_VENDOR_3COM is not set
836 CONFIG_NET_TULIP=y
837 # CONFIG_DE2104X is not set
838 CONFIG_TULIP=y
839 # CONFIG_TULIP_MWI is not set
840 # CONFIG_TULIP_MMIO is not set
841 # CONFIG_TULIP_NAPI is not set
842 # CONFIG_DE4X5 is not set
843 # CONFIG_WINBOND_840 is not set
844 # CONFIG_DM9102 is not set
845 # CONFIG_ULI526X is not set
846 # CONFIG_HP100 is not set
847 CONFIG_NET_PCI=y
848 CONFIG_PCNET32=y
849 # CONFIG_PCNET32_NAPI is not set
850 # CONFIG_AMD8111_ETH is not set
851 # CONFIG_ADAPTEC_STARFIRE is not set
852 # CONFIG_B44 is not set
853 # CONFIG_FORCEDETH is not set
854 # CONFIG_DGRS is not set
855 # CONFIG_EEPRO100 is not set
856 # CONFIG_E100 is not set
857 # CONFIG_FEALNX is not set
858 # CONFIG_NATSEMI is not set
859 # CONFIG_NE2K_PCI is not set
860 # CONFIG_8139CP is not set
861 # CONFIG_8139TOO is not set
862 # CONFIG_SIS900 is not set
863 # CONFIG_EPIC100 is not set
864 # CONFIG_SUNDANCE is not set
865 # CONFIG_TLAN is not set
866 # CONFIG_VIA_RHINE is not set
867 # CONFIG_SC92031 is not set
868 # CONFIG_NETDEV_1000 is not set
869 # CONFIG_NETDEV_10000 is not set
870 # CONFIG_TR is not set
871
872 #
873 # Wireless LAN
874 #
875 # CONFIG_WLAN_PRE80211 is not set
876 # CONFIG_WLAN_80211 is not set
877 # CONFIG_WAN is not set
878 # CONFIG_FDDI is not set
879 # CONFIG_HIPPI is not set
880 # CONFIG_PPP is not set
881 # CONFIG_SLIP is not set
882 # CONFIG_NET_FC is not set
883 # CONFIG_SHAPER is not set
884 CONFIG_NETCONSOLE=y
885 CONFIG_NETPOLL=y
886 # CONFIG_NETPOLL_TRAP is not set
887 CONFIG_NET_POLL_CONTROLLER=y
888 # CONFIG_ISDN is not set
889 # CONFIG_PHONE is not set
890
891 #
892 # Input device support
893 #
894 CONFIG_INPUT=y
895 # CONFIG_INPUT_FF_MEMLESS is not set
896 # CONFIG_INPUT_POLLDEV is not set
897
898 #
899 # Userland interfaces
900 #
901 CONFIG_INPUT_MOUSEDEV=y
902 CONFIG_INPUT_MOUSEDEV_PSAUX=y
903 CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024
904 CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768
905 # CONFIG_INPUT_JOYDEV is not set
906 # CONFIG_INPUT_TSDEV is not set
907 CONFIG_INPUT_EVDEV=y
908 # CONFIG_INPUT_EVBUG is not set
909
910 #
911 # Input Device Drivers
912 #
913 CONFIG_INPUT_KEYBOARD=y
914 CONFIG_KEYBOARD_ATKBD=y
915 # CONFIG_KEYBOARD_SUNKBD is not set
916 # CONFIG_KEYBOARD_LKKBD is not set
917 # CONFIG_KEYBOARD_XTKBD is not set
918 # CONFIG_KEYBOARD_NEWTON is not set
919 # CONFIG_KEYBOARD_STOWAWAY is not set
920 # CONFIG_INPUT_MOUSE is not set
921 # CONFIG_INPUT_JOYSTICK is not set
922 # CONFIG_INPUT_TABLET is not set
923 # CONFIG_INPUT_TOUCHSCREEN is not set
924 # CONFIG_INPUT_MISC is not set
925
926 #
927 # Hardware I/O ports
928 #
929 CONFIG_SERIO=y
930 CONFIG_SERIO_I8042=y
931 # CONFIG_SERIO_SERPORT is not set
932 # CONFIG_SERIO_CT82C710 is not set
933 # CONFIG_SERIO_PCIPS2 is not set
934 CONFIG_SERIO_LIBPS2=y
935 # CONFIG_SERIO_RAW is not set
936 # CONFIG_GAMEPORT is not set
937
938 #
939 # Character devices
940 #
941 CONFIG_VT=y
942 CONFIG_VT_CONSOLE=y
943 CONFIG_HW_CONSOLE=y
944 # CONFIG_VT_HW_CONSOLE_BINDING is not set
945 # CONFIG_SERIAL_NONSTANDARD is not set
946
947 #
948 # Serial drivers
949 #
950 CONFIG_SERIAL_8250=y
951 CONFIG_SERIAL_8250_CONSOLE=y
952 CONFIG_FIX_EARLYCON_MEM=y
953 CONFIG_SERIAL_8250_PCI=y
954 CONFIG_SERIAL_8250_NR_UARTS=4
955 CONFIG_SERIAL_8250_RUNTIME_UARTS=4
956 # CONFIG_SERIAL_8250_EXTENDED is not set
957
958 #
959 # Non-8250 serial port support
960 #
961 CONFIG_SERIAL_CORE=y
962 CONFIG_SERIAL_CORE_CONSOLE=y
963 # CONFIG_SERIAL_JSM is not set
964 CONFIG_UNIX98_PTYS=y
965 CONFIG_LEGACY_PTYS=y
966 CONFIG_LEGACY_PTY_COUNT=256
967 # CONFIG_IPMI_HANDLER is not set
968 # CONFIG_WATCHDOG is not set
969 CONFIG_HW_RANDOM=y
970 CONFIG_HW_RANDOM_INTEL=y
971 # CONFIG_HW_RANDOM_AMD is not set
972 # CONFIG_HW_RANDOM_GEODE is not set
973 # CONFIG_HW_RANDOM_VIA is not set
974 # CONFIG_NVRAM is not set
975 CONFIG_RTC=y
976 # CONFIG_R3964 is not set
977 # CONFIG_APPLICOM is not set
978 # CONFIG_SONYPI is not set
979 # CONFIG_AGP is not set
980 # CONFIG_DRM is not set
981 # CONFIG_MWAVE is not set
982 # CONFIG_PC8736x_GPIO is not set
983 # CONFIG_NSC_GPIO is not set
984 # CONFIG_CS5535_GPIO is not set
985 # CONFIG_RAW_DRIVER is not set
986 # CONFIG_HANGCHECK_TIMER is not set
987 # CONFIG_TCG_TPM is not set
988 # CONFIG_TELCLOCK is not set
989 CONFIG_DEVPORT=y
990 # CONFIG_I2C is not set
991
992 #
993 # SPI support
994 #
995 # CONFIG_SPI is not set
996 # CONFIG_SPI_MASTER is not set
997 # CONFIG_W1 is not set
998 # CONFIG_POWER_SUPPLY is not set
999 # CONFIG_HWMON is not set
1000
1001 #
1002 # Multifunction device drivers
1003 #
1004 # CONFIG_MFD_SM501 is not set
1005
1006 #
1007 # Multimedia devices
1008 #
1009 # CONFIG_VIDEO_DEV is not set
1010 # CONFIG_DVB_CORE is not set
1011 # CONFIG_DAB is not set
1012
1013 #
1014 # Graphics support
1015 #
1016 # CONFIG_BACKLIGHT_LCD_SUPPORT is not set
1017
1018 #
1019 # Display device support
1020 #
1021 # CONFIG_DISPLAY_SUPPORT is not set
1022 # CONFIG_VGASTATE is not set
1023 # CONFIG_VIDEO_OUTPUT_CONTROL is not set
1024 # CONFIG_FB is not set
1025
1026 #
1027 # Console display driver support
1028 #
1029 CONFIG_VGA_CONSOLE=y
1030 CONFIG_VGACON_SOFT_SCROLLBACK=y
1031 CONFIG_VGACON_SOFT_SCROLLBACK_SIZE=128
1032 CONFIG_VIDEO_SELECT=y
1033 CONFIG_DUMMY_CONSOLE=y
1034
1035 #
1036 # Sound
1037 #
1038 # CONFIG_SOUND is not set
1039 # CONFIG_HID_SUPPORT is not set
1040 # CONFIG_USB_SUPPORT is not set
1041 # CONFIG_MMC is not set
1042 # CONFIG_NEW_LEDS is not set
1043 # CONFIG_INFINIBAND is not set
1044 # CONFIG_EDAC is not set
1045 CONFIG_RTC_LIB=y
1046 CONFIG_RTC_CLASS=y
1047 CONFIG_RTC_HCTOSYS=y
1048 CONFIG_RTC_HCTOSYS_DEVICE="rtc0"
1049 # CONFIG_RTC_DEBUG is not set
1050
1051 #
1052 # RTC interfaces
1053 #
1054 CONFIG_RTC_INTF_SYSFS=y
1055 CONFIG_RTC_INTF_PROC=y
1056 CONFIG_RTC_INTF_DEV=y
1057 # CONFIG_RTC_INTF_DEV_UIE_EMUL is not set
1058 # CONFIG_RTC_DRV_TEST is not set
1059
1060 #
1061 # SPI RTC drivers
1062 #
1063
1064 #
1065 # Platform RTC drivers
1066 #
1067 CONFIG_RTC_DRV_CMOS=y
1068 # CONFIG_RTC_DRV_DS1553 is not set
1069 # CONFIG_RTC_DRV_STK17TA8 is not set
1070 # CONFIG_RTC_DRV_DS1742 is not set
1071 # CONFIG_RTC_DRV_M48T86 is not set
1072 # CONFIG_RTC_DRV_M48T59 is not set
1073 # CONFIG_RTC_DRV_V3020 is not set
1074
1075 #
1076 # on-CPU RTC drivers
1077 #
1078
1079 #
1080 # DMA Engine support
1081 #
1082 # CONFIG_DMA_ENGINE is not set
1083
1084 #
1085 # DMA Clients
1086 #
1087
1088 #
1089 # DMA Devices
1090 #
1091 # CONFIG_VIRTUALIZATION is not set
1092
1093 #
1094 # Userspace I/O
1095 #
1096 # CONFIG_UIO is not set
1097
1098 #
1099 # File systems
1100 #
1101 CONFIG_EXT2_FS=y
1102 CONFIG_EXT2_FS_XATTR=y
1103 CONFIG_EXT2_FS_POSIX_ACL=y
1104 # CONFIG_EXT2_FS_SECURITY is not set
1105 # CONFIG_EXT2_FS_XIP is not set
1106 CONFIG_EXT3_FS=y
1107 CONFIG_EXT3_FS_XATTR=y
1108 CONFIG_EXT3_FS_POSIX_ACL=y
1109 # CONFIG_EXT3_FS_SECURITY is not set
1110 # CONFIG_EXT4DEV_FS is not set
1111 CONFIG_JBD=y
1112 # CONFIG_JBD_DEBUG is not set
1113 CONFIG_FS_MBCACHE=y
1114 # CONFIG_REISERFS_FS is not set
1115 # CONFIG_JFS_FS is not set
1116 CONFIG_FS_POSIX_ACL=y
1117 # CONFIG_XFS_FS is not set
1118 # CONFIG_GFS2_FS is not set
1119 # CONFIG_OCFS2_FS is not set
1120 # CONFIG_MINIX_FS is not set
1121 # CONFIG_ROMFS_FS is not set
1122 # CONFIG_INOTIFY is not set
1123 # CONFIG_QUOTA is not set
1124 CONFIG_DNOTIFY=y
1125 # CONFIG_AUTOFS_FS is not set
1126 # CONFIG_AUTOFS4_FS is not set
1127 # CONFIG_FUSE_FS is not set
1128 CONFIG_GENERIC_ACL=y
1129
1130 #
1131 # CD-ROM/DVD Filesystems
1132 #
1133 CONFIG_ISO9660_FS=y
1134 CONFIG_JOLIET=y
1135 CONFIG_ZISOFS=y
1136 CONFIG_UDF_FS=y
1137 CONFIG_UDF_NLS=y
1138
1139 #
1140 # DOS/FAT/NT Filesystems
1141 #
1142 CONFIG_FAT_FS=y
1143 CONFIG_MSDOS_FS=y
1144 CONFIG_VFAT_FS=y
1145 CONFIG_FAT_DEFAULT_CODEPAGE=850
1146 CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1"
1147 CONFIG_NTFS_FS=y
1148 # CONFIG_NTFS_DEBUG is not set
1149 # CONFIG_NTFS_RW is not set
1150
1151 #
1152 # Pseudo filesystems
1153 #
1154 CONFIG_PROC_FS=y
1155 CONFIG_PROC_KCORE=y
1156 CONFIG_PROC_SYSCTL=y
1157 CONFIG_SYSFS=y
1158 CONFIG_TMPFS=y
1159 CONFIG_TMPFS_POSIX_ACL=y
1160 CONFIG_HUGETLBFS=y
1161 CONFIG_HUGETLB_PAGE=y
1162 CONFIG_RAMFS=y
1163 # CONFIG_CONFIGFS_FS is not set
1164
1165 #
1166 # Miscellaneous filesystems
1167 #
1168 # CONFIG_ADFS_FS is not set
1169 # CONFIG_AFFS_FS is not set
1170 # CONFIG_HFS_FS is not set
1171 # CONFIG_HFSPLUS_FS is not set
1172 # CONFIG_BEFS_FS is not set
1173 # CONFIG_BFS_FS is not set
1174 # CONFIG_EFS_FS is not set
1175 # CONFIG_CRAMFS is not set
1176 # CONFIG_VXFS_FS is not set
1177 # CONFIG_HPFS_FS is not set
1178 # CONFIG_QNX4FS_FS is not set
1179 # CONFIG_SYSV_FS is not set
1180 # CONFIG_UFS_FS is not set
1181
1182 #
1183 # Network File Systems
1184 #
1185 # CONFIG_NFS_FS is not set
1186 # CONFIG_NFSD is not set
1187 # CONFIG_SMB_FS is not set
1188 # CONFIG_CIFS is not set
1189 # CONFIG_NCP_FS is not set
1190 # CONFIG_CODA_FS is not set
1191 # CONFIG_AFS_FS is not set
1192
1193 #
1194 # Partition Types
1195 #
1196 # CONFIG_PARTITION_ADVANCED is not set
1197 CONFIG_MSDOS_PARTITION=y
1198
1199 #
1200 # Native Language Support
1201 #
1202 CONFIG_NLS=y
1203 CONFIG_NLS_DEFAULT="iso8859-1"
1204 CONFIG_NLS_CODEPAGE_437=y
1205 # CONFIG_NLS_CODEPAGE_737 is not set
1206 # CONFIG_NLS_CODEPAGE_775 is not set
1207 CONFIG_NLS_CODEPAGE_850=y
1208 # CONFIG_NLS_CODEPAGE_852 is not set
1209 # CONFIG_NLS_CODEPAGE_855 is not set
1210 # CONFIG_NLS_CODEPAGE_857 is not set
1211 # CONFIG_NLS_CODEPAGE_860 is not set
1212 # CONFIG_NLS_CODEPAGE_861 is not set
1213 # CONFIG_NLS_CODEPAGE_862 is not set
1214 # CONFIG_NLS_CODEPAGE_863 is not set
1215 # CONFIG_NLS_CODEPAGE_864 is not set
1216 # CONFIG_NLS_CODEPAGE_865 is not set
1217 # CONFIG_NLS_CODEPAGE_866 is not set
1218 # CONFIG_NLS_CODEPAGE_869 is not set
1219 # CONFIG_NLS_CODEPAGE_936 is not set
1220 # CONFIG_NLS_CODEPAGE_950 is not set
1221 # CONFIG_NLS_CODEPAGE_932 is not set
1222 # CONFIG_NLS_CODEPAGE_949 is not set
1223 # CONFIG_NLS_CODEPAGE_874 is not set
1224 # CONFIG_NLS_ISO8859_8 is not set
1225 # CONFIG_NLS_CODEPAGE_1250 is not set
1226 # CONFIG_NLS_CODEPAGE_1251 is not set
1227 CONFIG_NLS_ASCII=y
1228 CONFIG_NLS_ISO8859_1=y
1229 # CONFIG_NLS_ISO8859_2 is not set
1230 # CONFIG_NLS_ISO8859_3 is not set
1231 # CONFIG_NLS_ISO8859_4 is not set
1232 # CONFIG_NLS_ISO8859_5 is not set
1233 # CONFIG_NLS_ISO8859_6 is not set
1234 # CONFIG_NLS_ISO8859_7 is not set
1235 # CONFIG_NLS_ISO8859_9 is not set
1236 # CONFIG_NLS_ISO8859_13 is not set
1237 # CONFIG_NLS_ISO8859_14 is not set
1238 CONFIG_NLS_ISO8859_15=y
1239 # CONFIG_NLS_KOI8_R is not set
1240 # CONFIG_NLS_KOI8_U is not set
1241 CONFIG_NLS_UTF8=y
1242
1243 #
1244 # Distributed Lock Manager
1245 #
1246 # CONFIG_DLM is not set
1247 # CONFIG_INSTRUMENTATION is not set
1248
1249 #
1250 # Kernel hacking
1251 #
1252 CONFIG_TRACE_IRQFLAGS_SUPPORT=y
1253 # CONFIG_PRINTK_TIME is not set
1254 # CONFIG_ENABLE_MUST_CHECK is not set
1255 # CONFIG_MAGIC_SYSRQ is not set
1256 # CONFIG_UNUSED_SYMBOLS is not set
1257 # CONFIG_DEBUG_FS is not set
1258 # CONFIG_HEADERS_CHECK is not set
1259 # CONFIG_DEBUG_KERNEL is not set
1260 CONFIG_DEBUG_BUGVERBOSE=y
1261 CONFIG_EARLY_PRINTK=y
1262 CONFIG_X86_FIND_SMP_CONFIG=y
1263 CONFIG_X86_MPPARSE=y
1264 CONFIG_DOUBLEFAULT=y
1265
1266 #
1267 # Security options
1268 #
1269
1270 #
1271 # PaX
1272 #
1273 CONFIG_PAX=y
1274
1275 #
1276 # PaX Control
1277 #
1278 CONFIG_PAX_SOFTMODE=y
1279 # CONFIG_PAX_EI_PAX is not set
1280 # CONFIG_PAX_PT_PAX_FLAGS is not set
1281 # CONFIG_PAX_NO_ACL_FLAGS is not set
1282 CONFIG_PAX_HAVE_ACL_FLAGS=y
1283 # CONFIG_PAX_HOOK_ACL_FLAGS is not set
1284
1285 #
1286 # Non-executable pages
1287 #
1288 CONFIG_PAX_NOEXEC=y
1289 CONFIG_PAX_SEGMEXEC=y
1290 # CONFIG_PAX_EMUTRAMP is not set
1291 CONFIG_PAX_MPROTECT=y
1292 CONFIG_PAX_NOELFRELOCS=y
1293
1294 #
1295 # Address Space Layout Randomization
1296 #
1297 CONFIG_PAX_ASLR=y
1298 CONFIG_PAX_RANDUSTACK=y
1299 CONFIG_PAX_RANDMMAP=y
1300
1301 #
1302 # Miscellaneous hardening features
1303 #
1304 # CONFIG_PAX_MEMORY_SANITIZE is not set
1305 # CONFIG_PAX_MEMORY_UDEREF is not set
1306 # CONFIG_KEYS is not set
1307 # CONFIG_SECURITY is not set
1308 CONFIG_CRYPTO=y
1309 CONFIG_CRYPTO_ALGAPI=y
1310 CONFIG_CRYPTO_BLKCIPHER=y
1311 CONFIG_CRYPTO_MANAGER=y
1312 # CONFIG_CRYPTO_HMAC is not set
1313 # CONFIG_CRYPTO_XCBC is not set
1314 # CONFIG_CRYPTO_NULL is not set
1315 CONFIG_CRYPTO_MD4=y
1316 CONFIG_CRYPTO_MD5=y
1317 CONFIG_CRYPTO_SHA1=y
1318 CONFIG_CRYPTO_SHA256=y
1319 CONFIG_CRYPTO_SHA512=y
1320 # CONFIG_CRYPTO_WP512 is not set
1321 # CONFIG_CRYPTO_TGR192 is not set
1322 # CONFIG_CRYPTO_GF128MUL is not set
1323 CONFIG_CRYPTO_ECB=y
1324 CONFIG_CRYPTO_CBC=y
1325 CONFIG_CRYPTO_PCBC=y
1326 # CONFIG_CRYPTO_LRW is not set
1327 # CONFIG_CRYPTO_CRYPTD is not set
1328 # CONFIG_CRYPTO_DES is not set
1329 # CONFIG_CRYPTO_FCRYPT is not set
1330 # CONFIG_CRYPTO_BLOWFISH is not set
1331 CONFIG_CRYPTO_TWOFISH=y
1332 CONFIG_CRYPTO_TWOFISH_COMMON=y
1333 CONFIG_CRYPTO_TWOFISH_586=y
1334 CONFIG_CRYPTO_SERPENT=y
1335 CONFIG_CRYPTO_AES=y
1336 CONFIG_CRYPTO_AES_586=y
1337 # CONFIG_CRYPTO_CAST5 is not set
1338 # CONFIG_CRYPTO_CAST6 is not set
1339 # CONFIG_CRYPTO_TEA is not set
1340 # CONFIG_CRYPTO_ARC4 is not set
1341 # CONFIG_CRYPTO_KHAZAD is not set
1342 # CONFIG_CRYPTO_ANUBIS is not set
1343 # CONFIG_CRYPTO_DEFLATE is not set
1344 # CONFIG_CRYPTO_MICHAEL_MIC is not set
1345 # CONFIG_CRYPTO_CRC32C is not set
1346 # CONFIG_CRYPTO_CAMELLIA is not set
1347 # CONFIG_CRYPTO_HW is not set
1348
1349 #
1350 # Library routines
1351 #
1352 CONFIG_BITREVERSE=y
1353 # CONFIG_CRC_CCITT is not set
1354 # CONFIG_CRC16 is not set
1355 # CONFIG_CRC_ITU_T is not set
1356 CONFIG_CRC32=y
1357 # CONFIG_CRC7 is not set
1358 # CONFIG_LIBCRC32C is not set
1359 CONFIG_ZLIB_INFLATE=y
1360 CONFIG_TEXTSEARCH=y
1361 CONFIG_TEXTSEARCH_KMP=y
1362 CONFIG_TEXTSEARCH_BM=y
1363 CONFIG_TEXTSEARCH_FSM=y
1364 CONFIG_PLIST=y
1365 CONFIG_HAS_IOMEM=y
1366 CONFIG_HAS_IOPORT=y
1367 CONFIG_HAS_DMA=y
1368 CONFIG_GENERIC_HARDIRQS=y
1369 CONFIG_GENERIC_IRQ_PROBE=y
1370 CONFIG_X86_BIOS_REBOOT=y
1371 CONFIG_KTIME_SCALAR=y
1372 2008/12/21 Sadako <sadako@××××××××××××××.ca>:
1373 >> I have one virtualbox using VT extensions, and runs fine. I have used
1374 >> PaX in the guest with rsbac 1.3.7 and the noexec based on segmentation
1375 >> and all others on (peMRXS flags) and goes fine (with pageexec does not
1376 >> work, hangs at boot, so I switch segmexec). I think that you shouldn't
1377 >> have any troubles with kvm, if you have some try using virtualbox.
1378 >> I added -D_FORTIFY_SOURCE=2 to the cflags in make.conf compilation, it
1379 >> runs fine too and I think is safe. Not hangs at the moment.
1380 >>
1381 >> 2008/12/16 Romain BERGE <romain.berge@×××××.com>:
1382 >>> Hey all,
1383 >>>
1384 >>> I am wondering of using and AMD CPU with the AMD-V.
1385 >>> I wonder of using KVM to virtualise a few Hardened server.
1386 >>>
1387 >>> Someone used already KVM+ Hardened ?
1388 >>>
1389 >>> Working fine ?
1390 >>>
1391 >>> Thanks
1392 >>>
1393 >>> Regards
1394 >>>
1395 >>>
1396 >>
1397 >>
1398 > Do you actually have the virtualbox _host_ running under hardened-sources?
1399 > If so, could you please upload your kernel config somewhere?
1400 >
1401 > I've been trying to do the same, but upon trying to boot a guest (any
1402 > guest) via virtualbox the host box locks up, and I've tried everything I
1403 > can think of, including disabling _all_ grsec and pax options within the
1404 > kernel...
1405 >
1406 >
1407 >
Report Message
Find on MARC Find on Google Groups