From f656bbbaa663dcdb73e1f0bb5e72349b228f742a Mon Sep 17 00:00:00 2001 From: "Mathieu J. Poirier" Date: Sun, 25 Sep 2011 13:25:08 -0600 Subject: Config file and enforce rules for ubuntu on N900. Signed-off-by: Mathieu J. Poirier --- arch/arm/configs/meego_n9xx_defconfig | 99 +++++++++++++++++++++++++---------- debian.master/config/enforce | 4 +- 2 files changed, 74 insertions(+), 29 deletions(-) diff --git a/arch/arm/configs/meego_n9xx_defconfig b/arch/arm/configs/meego_n9xx_defconfig index a9930cb5df8..aae626619dd 100644 --- a/arch/arm/configs/meego_n9xx_defconfig +++ b/arch/arm/configs/meego_n9xx_defconfig @@ -33,10 +33,10 @@ CONFIG_IRQ_WORK=y # CONFIG_EXPERIMENTAL=y CONFIG_INIT_ENV_ARG_LIMIT=32 -# CONFIG_INIT_PASS_ALL_PARAMS is not set +CONFIG_INIT_PASS_ALL_PARAMS=y CONFIG_CROSS_COMPILE="" CONFIG_LOCALVERSION="" -CONFIG_LOCALVERSION_AUTO=y +# CONFIG_LOCALVERSION_AUTO is not set CONFIG_HAVE_KERNEL_GZIP=y CONFIG_HAVE_KERNEL_LZMA=y CONFIG_HAVE_KERNEL_LZO=y @@ -122,7 +122,7 @@ CONFIG_PERF_EVENTS=y # CONFIG_PERF_COUNTERS is not set # CONFIG_DEBUG_PERF_USE_VMALLOC is not set CONFIG_VM_EVENT_COUNTERS=y -CONFIG_COMPAT_BRK=y +# CONFIG_COMPAT_BRK is not set CONFIG_SLAB=y # CONFIG_SLUB is not set # CONFIG_SLOB is not set @@ -459,8 +459,8 @@ CONFIG_FORCE_MAX_ZONEORDER=11 CONFIG_LEDS=y CONFIG_ALIGNMENT_TRAP=y # CONFIG_UACCESS_WITH_MEMCPY is not set -# CONFIG_SECCOMP is not set -# CONFIG_CC_STACKPROTECTOR is not set +CONFIG_SECCOMP=y +CONFIG_CC_STACKPROTECTOR=y # CONFIG_DEPRECATED_PARAM_STRUCT is not set # @@ -555,12 +555,12 @@ CONFIG_IP_PNP_RARP=y # CONFIG_NET_IPGRE_DEMUX is not set # CONFIG_IP_MROUTE is not set # CONFIG_ARPD is not set -# CONFIG_SYN_COOKIES is not set +CONFIG_SYN_COOKIES=y # CONFIG_INET_AH is not set # CONFIG_INET_ESP is not set # CONFIG_INET_IPCOMP is not set # CONFIG_INET_XFRM_TUNNEL is not set -# CONFIG_INET_TUNNEL is not set +CONFIG_INET_TUNNEL=y CONFIG_INET_XFRM_MODE_TRANSPORT=y CONFIG_INET_XFRM_MODE_TUNNEL=y CONFIG_INET_XFRM_MODE_BEET=y @@ -571,7 +571,26 @@ CONFIG_INET_TCP_DIAG=y CONFIG_TCP_CONG_CUBIC=y CONFIG_DEFAULT_TCP_CONG="cubic" # CONFIG_TCP_MD5SIG is not set -# CONFIG_IPV6 is not set +CONFIG_IPV6=y +# CONFIG_IPV6_PRIVACY is not set +# CONFIG_IPV6_ROUTER_PREF is not set +# CONFIG_IPV6_OPTIMISTIC_DAD is not set +# CONFIG_INET6_AH is not set +# CONFIG_INET6_ESP is not set +# CONFIG_INET6_IPCOMP is not set +# CONFIG_IPV6_MIP6 is not set +# CONFIG_INET6_XFRM_TUNNEL is not set +# CONFIG_INET6_TUNNEL is not set +CONFIG_INET6_XFRM_MODE_TRANSPORT=y +CONFIG_INET6_XFRM_MODE_TUNNEL=y +CONFIG_INET6_XFRM_MODE_BEET=y +# CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set +CONFIG_IPV6_SIT=y +# CONFIG_IPV6_SIT_6RD is not set +CONFIG_IPV6_NDISC_NODETYPE=y +# CONFIG_IPV6_TUNNEL is not set +# CONFIG_IPV6_MULTIPLE_TABLES is not set +# CONFIG_IPV6_MROUTE is not set # CONFIG_NETLABEL is not set # CONFIG_NETWORK_SECMARK is not set # CONFIG_NETWORK_PHY_TIMESTAMPING is not set @@ -595,6 +614,13 @@ CONFIG_NETFILTER_ADVANCED=y # CONFIG_IP_NF_QUEUE is not set # CONFIG_IP_NF_IPTABLES is not set # CONFIG_IP_NF_ARPTABLES is not set + +# +# IPv6: Netfilter Configuration +# +# CONFIG_NF_DEFRAG_IPV6 is not set +# CONFIG_IP6_NF_QUEUE is not set +# CONFIG_IP6_NF_IPTABLES is not set # CONFIG_IP_DCCP is not set # CONFIG_IP_SCTP is not set # CONFIG_RDS is not set @@ -820,7 +846,7 @@ CONFIG_BLK_DEV_LOOP=y # CONFIG_BLK_DEV_UB is not set CONFIG_BLK_DEV_RAM=y CONFIG_BLK_DEV_RAM_COUNT=16 -CONFIG_BLK_DEV_RAM_SIZE=16384 +CONFIG_BLK_DEV_RAM_SIZE=65536 # CONFIG_BLK_DEV_XIP is not set # CONFIG_CDROM_PKTCDVD is not set # CONFIG_ATA_OVER_ETH is not set @@ -877,7 +903,17 @@ CONFIG_SCSI_LOWLEVEL=y # CONFIG_ATA is not set CONFIG_MD=y # CONFIG_BLK_DEV_MD is not set -# CONFIG_BLK_DEV_DM is not set +CONFIG_BLK_DEV_DM=y +# CONFIG_DM_DEBUG is not set +# CONFIG_DM_CRYPT is not set +# CONFIG_DM_SNAPSHOT is not set +# CONFIG_DM_MIRROR is not set +# CONFIG_DM_RAID is not set +# CONFIG_DM_ZERO is not set +# CONFIG_DM_MULTIPATH is not set +# CONFIG_DM_DELAY is not set +# CONFIG_DM_UEVENT is not set +# CONFIG_DM_FLAKEY is not set # CONFIG_TARGET_CORE is not set CONFIG_NETDEVICES=y # CONFIG_DUMMY is not set @@ -1112,7 +1148,7 @@ CONFIG_INPUT_MISC=y # CONFIG_INPUT_CM109 is not set CONFIG_INPUT_TWL4030_PWRBUTTON=y # CONFIG_INPUT_TWL4030_VIBRA is not set -# CONFIG_INPUT_UINPUT is not set +CONFIG_INPUT_UINPUT=y # CONFIG_INPUT_PCF8574 is not set # CONFIG_INPUT_GPIO_ROTARY_ENCODER is not set # CONFIG_INPUT_ADXL34X is not set @@ -1143,7 +1179,7 @@ CONFIG_UNIX98_PTYS=y # CONFIG_SERIAL_NONSTANDARD is not set # CONFIG_N_GSM is not set # CONFIG_TRACE_SINK is not set -CONFIG_DEVKMEM=y +# CONFIG_DEVKMEM is not set # # Serial drivers @@ -1760,7 +1796,7 @@ CONFIG_USB_ANNOUNCE_NEW_DEVICES=y # # Miscellaneous USB options # -CONFIG_USB_DEVICEFS=y +# CONFIG_USB_DEVICEFS is not set CONFIG_USB_DEVICE_CLASS=y # CONFIG_USB_DYNAMIC_MINORS is not set CONFIG_USB_SUSPEND=y @@ -2056,6 +2092,7 @@ CONFIG_QUOTACTL=y # CONFIG_AUTOFS4_FS is not set # CONFIG_FUSE_FS is not set # CONFIG_OVERLAYFS_FS is not set +CONFIG_GENERIC_ACL=y # # Caches @@ -2086,14 +2123,14 @@ CONFIG_PROC_SYSCTL=y CONFIG_PROC_PAGE_MONITOR=y CONFIG_SYSFS=y CONFIG_TMPFS=y -# CONFIG_TMPFS_POSIX_ACL is not set -# CONFIG_TMPFS_XATTR is not set +CONFIG_TMPFS_POSIX_ACL=y +CONFIG_TMPFS_XATTR=y # CONFIG_HUGETLB_PAGE is not set # CONFIG_CONFIGFS_FS is not set CONFIG_MISC_FILESYSTEMS=y # CONFIG_ADFS_FS is not set # CONFIG_AFFS_FS is not set -# CONFIG_ECRYPT_FS is not set +CONFIG_ECRYPT_FS=y # CONFIG_HFS_FS is not set # CONFIG_HFSPLUS_FS is not set # CONFIG_BEFS_FS is not set @@ -2317,7 +2354,7 @@ CONFIG_KPROBE_EVENT=y CONFIG_HAVE_ARCH_KGDB=y # CONFIG_KGDB is not set # CONFIG_TEST_KSTRTOX is not set -# CONFIG_STRICT_DEVMEM is not set +CONFIG_STRICT_DEVMEM=y CONFIG_ARM_UNWIND=y # CONFIG_DEBUG_USER is not set CONFIG_DEBUG_LL=y @@ -2332,15 +2369,16 @@ CONFIG_KEYS=y # CONFIG_KEYS_DEBUG_PROC_KEYS is not set # CONFIG_SECURITY_DMESG_RESTRICT is not set CONFIG_SECURITY=y -# CONFIG_SECURITYFS is not set +CONFIG_SECURITYFS=y # CONFIG_SECURITY_NETWORK is not set -# CONFIG_SECURITY_PATH is not set +CONFIG_SECURITY_PATH=y # CONFIG_SECURITY_TOMOYO is not set # CONFIG_SECURITY_APPARMOR is not set -# CONFIG_SECURITY_YAMA is not set +CONFIG_SECURITY_YAMA=y # CONFIG_IMA is not set -CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_DEFAULT_SECURITY="" +CONFIG_DEFAULT_SECURITY_YAMA=y +# CONFIG_DEFAULT_SECURITY_DAC is not set +CONFIG_DEFAULT_SECURITY="yama" CONFIG_CRYPTO=y # @@ -2348,13 +2386,20 @@ CONFIG_CRYPTO=y # CONFIG_CRYPTO_ALGAPI=y CONFIG_CRYPTO_ALGAPI2=y +CONFIG_CRYPTO_AEAD2=y +CONFIG_CRYPTO_BLKCIPHER=y +CONFIG_CRYPTO_BLKCIPHER2=y CONFIG_CRYPTO_HASH=y CONFIG_CRYPTO_HASH2=y -# CONFIG_CRYPTO_MANAGER is not set -# CONFIG_CRYPTO_MANAGER2 is not set +CONFIG_CRYPTO_RNG2=y +CONFIG_CRYPTO_PCOMP2=y +CONFIG_CRYPTO_MANAGER=y +CONFIG_CRYPTO_MANAGER2=y +CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y # CONFIG_CRYPTO_GF128MUL is not set # CONFIG_CRYPTO_NULL is not set # CONFIG_CRYPTO_PCRYPT is not set +CONFIG_CRYPTO_WORKQUEUE=y # CONFIG_CRYPTO_CRYPTD is not set # CONFIG_CRYPTO_AUTHENC is not set # CONFIG_CRYPTO_TEST is not set @@ -2369,10 +2414,10 @@ CONFIG_CRYPTO_HASH2=y # # Block modes # -# CONFIG_CRYPTO_CBC is not set +CONFIG_CRYPTO_CBC=y # CONFIG_CRYPTO_CTR is not set # CONFIG_CRYPTO_CTS is not set -# CONFIG_CRYPTO_ECB is not set +CONFIG_CRYPTO_ECB=y # CONFIG_CRYPTO_LRW is not set # CONFIG_CRYPTO_PCBC is not set # CONFIG_CRYPTO_XTS is not set @@ -2390,7 +2435,7 @@ CONFIG_CRYPTO_HASH2=y CONFIG_CRYPTO_CRC32C=y # CONFIG_CRYPTO_GHASH is not set # CONFIG_CRYPTO_MD4 is not set -# CONFIG_CRYPTO_MD5 is not set +CONFIG_CRYPTO_MD5=y CONFIG_CRYPTO_MICHAEL_MIC=y # CONFIG_CRYPTO_RMD128 is not set # CONFIG_CRYPTO_RMD160 is not set diff --git a/debian.master/config/enforce b/debian.master/config/enforce index 634ebf33673..2aa17a154ed 100644 --- a/debian.master/config/enforce +++ b/debian.master/config/enforce @@ -23,8 +23,8 @@ value CONFIG_SECURITY_YAMA y !exists CONFIG_COMPAT_VDSO | value CONFIG_COMPAT_VDSO n !exists CONFIG_ACPI_CUSTOM_METHOD | value CONFIG_ACPI_CUSTOM_METHOD n # Default to 32768 on ARM, 65536 for everything else. -( ( arch armel | arch armhf ) & value CONFIG_DEFAULT_MMAP_MIN_ADDR 32768 ) | \ - ( value CONFIG_DEFAULT_MMAP_MIN_ADDR 65536) +#( ( arch armel | arch armhf ) & value CONFIG_DEFAULT_MMAP_MIN_ADDR 32768 ) | \ +# ( value CONFIG_DEFAULT_MMAP_MIN_ADDR 65536) # CONFIG_USB_DEVICE_FS breaks udev USB firmware loading and is deprecated # ensure it is disabled. -- cgit v1.2.3