* Enabled Kernel Address Space Layout Randomization
* Enabled CONFIG_SECURITY_NETWORK_XFRM
Change-Id: I7ea0d9051e4183f19d3d7cdf572981116774c023
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/6475
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Ajay Kaher <akaher@vmware.com>
Reviewed-by: Alexey Makhalov <amakhalov@vmware.com>
... | ... |
@@ -412,7 +412,11 @@ CONFIG_CRASH_DUMP=y |
412 | 412 |
# CONFIG_KEXEC_JUMP is not set |
413 | 413 |
CONFIG_PHYSICAL_START=0x1000000 |
414 | 414 |
CONFIG_RELOCATABLE=y |
415 |
-# CONFIG_RANDOMIZE_BASE is not set |
|
415 |
+CONFIG_RANDOMIZE_BASE=y |
|
416 |
+CONFIG_X86_NEED_RELOCS=y |
|
417 |
+CONFIG_DYNAMIC_MEMORY_LAYOUT=y |
|
418 |
+CONFIG_RANDOMIZE_MEMORY=y |
|
419 |
+CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0xa |
|
416 | 420 |
CONFIG_PHYSICAL_ALIGN=0x1000000 |
417 | 421 |
CONFIG_HOTPLUG_CPU=y |
418 | 422 |
# CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set |
... | ... |
@@ -5332,7 +5336,7 @@ CONFIG_SECURITY=y |
5332 | 5332 |
CONFIG_SECURITYFS=y |
5333 | 5333 |
CONFIG_SECURITY_NETWORK=y |
5334 | 5334 |
CONFIG_PAGE_TABLE_ISOLATION=y |
5335 |
-# CONFIG_SECURITY_NETWORK_XFRM is not set |
|
5335 |
+CONFIG_SECURITY_NETWORK_XFRM=y |
|
5336 | 5336 |
CONFIG_SECURITY_PATH=y |
5337 | 5337 |
CONFIG_INTEL_TXT=y |
5338 | 5338 |
CONFIG_LSM_MMAP_MIN_ADDR=65536 |
... | ... |
@@ -452,7 +452,9 @@ CONFIG_ARM64_UAO=y |
452 | 452 |
# CONFIG_ARM64_RAS_EXTN is not set |
453 | 453 |
# CONFIG_ARM64_SVE is not set |
454 | 454 |
CONFIG_ARM64_MODULE_PLTS=y |
455 |
-# CONFIG_RANDOMIZE_BASE is not set |
|
455 |
+CONFIG_RELOCATABLE=y |
|
456 |
+CONFIG_RANDOMIZE_BASE=y |
|
457 |
+CONFIG_RANDOMIZE_MODULE_REGION_FULL=y |
|
456 | 458 |
|
457 | 459 |
# |
458 | 460 |
# Boot options |
... | ... |
@@ -5605,7 +5607,7 @@ CONFIG_ENCRYPTED_KEYS=m |
5605 | 5605 |
CONFIG_SECURITY=y |
5606 | 5606 |
CONFIG_SECURITYFS=y |
5607 | 5607 |
CONFIG_SECURITY_NETWORK=y |
5608 |
-# CONFIG_SECURITY_NETWORK_XFRM is not set |
|
5608 |
+CONFIG_SECURITY_NETWORK_XFRM=y |
|
5609 | 5609 |
CONFIG_SECURITY_PATH=y |
5610 | 5610 |
CONFIG_LSM_MMAP_MIN_ADDR=65536 |
5611 | 5611 |
CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y |
... | ... |
@@ -2,7 +2,7 @@ |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux |
4 | 4 |
Version: 4.19.6 |
5 |
-Release: 5%{?kat_build:.%kat_build}%{?dist} |
|
5 |
+Release: 6%{?kat_build:.%kat_build}%{?dist} |
|
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
8 | 8 |
Group: System Environment/Kernel |
... | ... |
@@ -386,6 +386,10 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg |
386 | 386 |
%endif |
387 | 387 |
|
388 | 388 |
%changelog |
389 |
+* Wed Jan 09 2019 Ankit Jain <ankitja@vmware.com> 4.19.6-6 |
|
390 |
+- Enable following for x86_64 and aarch64: |
|
391 |
+- Enable Kernel Address Space Layout Randomization. |
|
392 |
+- Enable CONFIG_SECURITY_NETWORK_XFRM |
|
389 | 393 |
* Fri Jan 04 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.6-5 |
390 | 394 |
- Enable AppArmor by default. |
391 | 395 |
* Wed Jan 02 2019 Alexey Makhalov <amakhalov@vmware.com> 4.19.6-4 |