Browse code
linux: Enabled following for x86_64 and aarch64 in .config
* Enabled Kernel Address Space Layout Randomization
* Enabled CONFIG_SECURITY_NETWORK_XFRM
Change-Id: I7ea0d9051e4183f19d3d7cdf572981116774c023
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/6475
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Ajay Kaher <akaher@vmware.com>
Reviewed-by: Alexey Makhalov <amakhalov@vmware.com>
Ankit Jain authored on 2019/01/09 23:39:35Showing 3 changed files
| ... | ... |
@@ -412,7 +412,11 @@ CONFIG_CRASH_DUMP=y |
| 412 | 412 |
# CONFIG_KEXEC_JUMP is not set |
| 413 | 413 |
CONFIG_PHYSICAL_START=0x1000000 |
| 414 | 414 |
CONFIG_RELOCATABLE=y |
| 415 |
-# CONFIG_RANDOMIZE_BASE is not set |
|
| 415 |
+CONFIG_RANDOMIZE_BASE=y |
|
| 416 |
+CONFIG_X86_NEED_RELOCS=y |
|
| 417 |
+CONFIG_DYNAMIC_MEMORY_LAYOUT=y |
|
| 418 |
+CONFIG_RANDOMIZE_MEMORY=y |
|
| 419 |
+CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0xa |
|
| 416 | 420 |
CONFIG_PHYSICAL_ALIGN=0x1000000 |
| 417 | 421 |
CONFIG_HOTPLUG_CPU=y |
| 418 | 422 |
# CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set |
| ... | ... |
@@ -5332,7 +5336,7 @@ CONFIG_SECURITY=y |
| 5332 | 5332 |
CONFIG_SECURITYFS=y |
| 5333 | 5333 |
CONFIG_SECURITY_NETWORK=y |
| 5334 | 5334 |
CONFIG_PAGE_TABLE_ISOLATION=y |
| 5335 |
-# CONFIG_SECURITY_NETWORK_XFRM is not set |
|
| 5335 |
+CONFIG_SECURITY_NETWORK_XFRM=y |
|
| 5336 | 5336 |
CONFIG_SECURITY_PATH=y |
| 5337 | 5337 |
CONFIG_INTEL_TXT=y |
| 5338 | 5338 |
CONFIG_LSM_MMAP_MIN_ADDR=65536 |
| ... | ... |
@@ -452,7 +452,9 @@ CONFIG_ARM64_UAO=y |
| 452 | 452 |
# CONFIG_ARM64_RAS_EXTN is not set |
| 453 | 453 |
# CONFIG_ARM64_SVE is not set |
| 454 | 454 |
CONFIG_ARM64_MODULE_PLTS=y |
| 455 |
-# CONFIG_RANDOMIZE_BASE is not set |
|
| 455 |
+CONFIG_RELOCATABLE=y |
|
| 456 |
+CONFIG_RANDOMIZE_BASE=y |
|
| 457 |
+CONFIG_RANDOMIZE_MODULE_REGION_FULL=y |
|
| 456 | 458 |
|
| 457 | 459 |
# |
| 458 | 460 |
# Boot options |
| ... | ... |
@@ -5605,7 +5607,7 @@ CONFIG_ENCRYPTED_KEYS=m |
| 5605 | 5605 |
CONFIG_SECURITY=y |
| 5606 | 5606 |
CONFIG_SECURITYFS=y |
| 5607 | 5607 |
CONFIG_SECURITY_NETWORK=y |
| 5608 |
-# CONFIG_SECURITY_NETWORK_XFRM is not set |
|
| 5608 |
+CONFIG_SECURITY_NETWORK_XFRM=y |
|
| 5609 | 5609 |
CONFIG_SECURITY_PATH=y |
| 5610 | 5610 |
CONFIG_LSM_MMAP_MIN_ADDR=65536 |
| 5611 | 5611 |
CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y |
| ... | ... |
@@ -2,7 +2,7 @@ |
| 2 | 2 |
Summary: Kernel |
| 3 | 3 |
Name: linux |
| 4 | 4 |
Version: 4.19.6 |
| 5 |
-Release: 5%{?kat_build:.%kat_build}%{?dist}
|
|
| 5 |
+Release: 6%{?kat_build:.%kat_build}%{?dist}
|
|
| 6 | 6 |
License: GPLv2 |
| 7 | 7 |
URL: http://www.kernel.org/ |
| 8 | 8 |
Group: System Environment/Kernel |
| ... | ... |
@@ -386,6 +386,10 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg
|
| 386 | 386 |
%endif |
| 387 | 387 |
|
| 388 | 388 |
%changelog |
| 389 |
+* Wed Jan 09 2019 Ankit Jain <ankitja@vmware.com> 4.19.6-6 |
|
| 390 |
+- Enable following for x86_64 and aarch64: |
|
| 391 |
+- Enable Kernel Address Space Layout Randomization. |
|
| 392 |
+- Enable CONFIG_SECURITY_NETWORK_XFRM |
|
| 389 | 393 |
* Fri Jan 04 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.6-5 |
| 390 | 394 |
- Enable AppArmor by default. |
| 391 | 395 |
* Wed Jan 02 2019 Alexey Makhalov <amakhalov@vmware.com> 4.19.6-4 |