forked from fedberry/kernel
-
Notifications
You must be signed in to change notification settings - Fork 5
/
config-bcm283x.cfg
100 lines (87 loc) · 2.58 KB
/
config-bcm283x.cfg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
##################################################
# FedBerry BCM283x specific kernel config options
##################################################
#Unset local version
CONFIG_LOCALVERSION=""
#Namespaces support for systemd-hostnamed
CONFIG_NAMESPACES=y
CONFIG_PID_NS=y
CONFIG_UTS_NS=y
CONFIG_IPC_NS=y
CONFIG_NET_NS=y
CONFIG_USER_NS=y
#Enable PREEMPT_VOLUNTARY
CONFIG_PREEMPT_VOLUNTARY=y
CONFIG_PREEMPT=n
#Add / edit our own default kernel boot time options
CONFIG_CMDLINE="dwc_otg.lpm_enable=0 console=ttyAMA0,115200 kgdboc=ttyAMA0,115200 console=tty1 root=/dev/mmcblk0p2 ro rootfstype=ext4 rootwait nortc"
CONFIG_CMDLINE_FROM_BOOTLOADER=y
CONFIG_CMDLINE_EXTEND=n
CONFIG_CMDLINE_FORCE=n
#Use ondemand govenor by default
CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE=n
CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND=y
#Enable auditing infrastructure (SELinux needs this)
CONFIG_AUDIT=y
CONFIG_AUDIT_GENERIC=y
CONFIG_NETFILTER_XT_TARGET_AUDIT=m
CONFIG_AUDITSYSCALL=y
#Enable some SECCOMP filter options (need to disable OABI first)
CONFIG_OABI_COMPAT=n
#We want to use our own logo
CONFIG_LOGO_LINUX_CLUT224=n
#IPV6 should be built in (saves some selinux hassels)
CONFIG_IPV6=y
CONFIG_CRC_CCITT=y
CONFIG_NETFILTER_XTABLES=y
CONFIG_IP_NF_IPTABLES=y
#Enable SELinux
CONFIG_PERSISTENT_KEYRINGS=y
CONFIG_BIG_KEYS=y
CONFIG_ENCRYPTED_KEYS=m
CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_PATH=n
CONFIG_LSM_MMAP_MIN_ADDR=32768
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
CONFIG_SECURITY_SELINUX_DISABLE=y
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_AVC_STATS=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX=n
CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9
CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256
CONFIG_SECURITY_SMACK=n
CONFIG_SECURITY_TOMOYO=n
CONFIG_SECURITY_APPARMOR=n
CONFIG_SECURITY_LOADPIN=n
CONFIG_SECURITY_YAMA=y
CONFIG_SECURITY_YAMA_STACKED=y
CONFIG_INTEGRITY=n
CONFIG_DEFAULT_SECURITY_SELINUX=y
CONFIG_DEFAULT_SECURITY_YAMA=n
CONFIG_DEFAULT_SECURITY_DAC=n
CONFIG_DEFAULT_SECURITY="selinux"
CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
CONFIG_NETLABEL=y
CONFIG_NETWORK_SECMARK=y
CONFIG_NF_CONNTRACK_SECMARK=y
CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m
CONFIG_NETFILTER_XT_TARGET_SECMARK=m
CONFIG_IP_NF_SECURITY=m
CONFIG_IP6_NF_SECURITY=m
CONFIG_F2FS_FS_SECURITY=y
#Enable NFSv4_2
CONFIG_NFS_V2=n
CONFIG_NFS_V4_1_MIGRATION=n
CONFIG_NFS_V4_2=y
CONFIG_NFSD_PNFS=y
CONFIG_NFSD_V4_SECURITY_LABEL=y
CONFIG_LOCKD=m
# Enable btrfs support
CONFIG_BTRFS_FS=y
CONFIG_CMA_DEBUGFS=y