@compiaffe
Created January 15, 2018 17:36
Partial kernel configuration log for applying patch-realsense-ubuntu-xenial.sh
Aufs (Advanced multi layered unification filesystem) support (AUFS_FS) [N/m/y/?] (NEW)
*
* Security options
*
Enable access key retention support (KEYS) [Y/?] y
Enable register of persistent per-UID keyrings (PERSISTENT_KEYRINGS) [Y/n/?] y
Large payload keys (BIG_KEYS) [Y/n/?] y
TRUSTED KEYS (TRUSTED_KEYS) [Y/n/m/?] y
ENCRYPTED KEYS (ENCRYPTED_KEYS) [Y/?] y
Diffie-Hellman operations on retained keys (KEY_DH_OPERATIONS) [Y/n/?] y
Restrict unprivileged access to the kernel syslog (SECURITY_DMESG_RESTRICT) [N/y/?] n
Restrict unprivileged use of performance events (SECURITY_PERF_EVENTS_RESTRICT) [N/y/?] (NEW)
Enable different security models (SECURITY) [Y/n/?] y
Enable the securityfs filesystem (SECURITYFS) [Y/?] y
Socket and Networking Security Hooks (SECURITY_NETWORK) [Y/?] y
XFRM (IPSec) Networking Security Hooks (SECURITY_NETWORK_XFRM) [Y/n/?] y
Security hooks for pathname based access control (SECURITY_PATH) [Y/?] y
Enable Intel(R) Trusted Execution Technology (Intel(R) TXT) (INTEL_TXT) [Y/n/?] y
Low address space for LSM to protect from user allocation (LSM_MMAP_MIN_ADDR) [0] 0
Harden memory copies between kernel and userspace (HARDENED_USERCOPY) [Y/n/?] y
Refuse to copy allocations that span multiple pages (HARDENED_USERCOPY_PAGESPAN) [N/y/?] n
NSA SELinux Support (SECURITY_SELINUX) [Y/n/?] y
NSA SELinux boot parameter (SECURITY_SELINUX_BOOTPARAM) [Y/n/?] y
NSA SELinux boot parameter default value (SECURITY_SELINUX_BOOTPARAM_VALUE) [0] 0
NSA SELinux runtime disable (SECURITY_SELINUX_DISABLE) [Y/n/?] y
NSA SELinux Development Support (SECURITY_SELINUX_DEVELOP) [Y/n/?] y
NSA SELinux AVC Statistics (SECURITY_SELINUX_AVC_STATS) [Y/n/?] y
NSA SELinux checkreqprot default value (SECURITY_SELINUX_CHECKREQPROT_VALUE) [1] 1
Simplified Mandatory Access Control Kernel Support (SECURITY_SMACK) [Y/n/?] y
Reporting on access granted by Smack rules (SECURITY_SMACK_BRINGUP) [N/y/?] n
Packet marking using secmarks for netfilter (SECURITY_SMACK_NETFILTER) [Y/n/?] y
Treat delivering signals as an append operation (SECURITY_SMACK_APPEND_SIGNALS) [Y/n/?] y
TOMOYO Linux Support (SECURITY_TOMOYO) [Y/n/?] y
Default maximal count for learning mode (SECURITY_TOMOYO_MAX_ACCEPT_ENTRY) [2048] 2048
Default maximal count for audit log (SECURITY_TOMOYO_MAX_AUDIT_LOG) [1024] 1024
Activate without calling userspace policy loader. (SECURITY_TOMOYO_OMIT_USERSPACE_LOADER) [N/y/?] n
Location of userspace policy loader (SECURITY_TOMOYO_POLICY_LOADER) [/sbin/tomoyo-init] /sbin/tomoyo-init
Trigger for calling userspace policy loader (SECURITY_TOMOYO_ACTIVATION_TRIGGER) [/sbin/init] /sbin/init
AppArmor support (SECURITY_APPARMOR) [Y/n/?] y
AppArmor boot parameter default value (SECURITY_APPARMOR_BOOTPARAM_VALUE) [1] 1
enable debug statistics (SECURITY_APPARMOR_STATS) [N/y/?] (NEW)
Set init to unconfined on boot (SECURITY_APPARMOR_UNCONFINED_INIT) [Y/n/?] (NEW)
Enable introspection of sha1 hashes for loaded profiles (SECURITY_APPARMOR_HASH) [Y/n/?] y
Enable policy hash introspection by default (SECURITY_APPARMOR_HASH_DEFAULT) [Y/n/?] y
Pin load of kernel files (modules, fw, etc) to one filesystem (SECURITY_LOADPIN) [N/y/?] n
Yama support (SECURITY_YAMA) [Y/n/?] y
Integrity subsystem (INTEGRITY) [Y/n/?] y
Digital signature verification using multiple keyrings (INTEGRITY_SIGNATURE) [Y/n/?] y
Enable asymmetric keys support (INTEGRITY_ASYMMETRIC_KEYS) [Y/n/?] y
Require all keys on the integrity keyrings be signed (INTEGRITY_TRUSTED_KEYRING) [Y/?] y
Enables integrity auditing support (INTEGRITY_AUDIT) [Y/n/?] y
Integrity Measurement Architecture(IMA) (IMA) [Y/n/?] y
Default template
1. ima (IMA_TEMPLATE)
> 2. ima-ng (default) (IMA_NG_TEMPLATE)
3. ima-sig (IMA_SIG_TEMPLATE)
choice[1-3?]: 2
Default integrity hash algorithm
> 1. SHA1 (default) (IMA_DEFAULT_HASH_SHA1)
2. SHA256 (IMA_DEFAULT_HASH_SHA256)
3. SHA512 (IMA_DEFAULT_HASH_SHA512)
4. WP512 (IMA_DEFAULT_HASH_WP512)
choice[1-4?]: 1
Enable multiple writes to the IMA policy (IMA_WRITE_POLICY) [Y/n/?] y
Enable reading back the current IMA policy (IMA_READ_POLICY) [Y/n/?] y
Appraise integrity measurements (IMA_APPRAISE) [Y/n/?] y
Require all keys on the .ima keyring be signed (deprecated) (IMA_TRUSTED_KEYRING) [Y/n/?] y
Permit keys validly signed by a built-in or secondary CA cert (EXPERIMENTAL) (IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY) [Y/n/?] y
Create IMA machine owner blacklist keyrings (EXPERIMENTAL) (IMA_BLACKLIST_KEYRING) [Y/n/?] y
Load X509 certificate onto the '.ima' trusted keyring (IMA_LOAD_X509) [N/y/?] n
EVM support (EVM) [Y/n/?] y
FSUUID (version 2) (EVM_ATTR_FSUUID) [Y/n/?] y
Additional SMACK xattrs (EVM_EXTRA_SMACK_XATTRS) [Y/n/?] y
Load an X509 certificate onto the '.evm' trusted keyring (EVM_LOAD_X509) [N/y/?] n
Default security module
1. SELinux (DEFAULT_SECURITY_SELINUX)
2. Simplified Mandatory Access Control (DEFAULT_SECURITY_SMACK)
3. TOMOYO (DEFAULT_SECURITY_TOMOYO)
> 4. AppArmor (DEFAULT_SECURITY_APPARMOR)
5. Unix Discretionary Access Controls (DEFAULT_SECURITY_DAC)
choice[1-5?]: 4
*
* Asymmetric (public-key cryptographic) key type
*
Asymmetric (public-key cryptographic) key type (ASYMMETRIC_KEY_TYPE) [Y/?] y
Asymmetric public-key crypto algorithm subtype (ASYMMETRIC_PUBLIC_KEY_SUBTYPE) [Y/?] y
X.509 certificate parser (X509_CERTIFICATE_PARSER) [Y/?] y
PKCS#7 message parser (PKCS7_MESSAGE_PARSER) [Y/?] y
PKCS#7 testing key type (PKCS7_TEST_KEY) [M/n/y/?] m
Support for PE file signature verification (SIGNED_PE_FILE_VERIFICATION) [Y/n/?] y
EFI signature list parser (EFI_SIGNATURE_LIST_PARSER) [N/y/?] (NEW)
*
* Library routines
*
Generic logical IO management (LIBIO) [N/y/?] (NEW)
CRC-CCITT functions (CRC_CCITT) [Y/?] y
CRC16 functions (CRC16) [Y/?] y
CRC calculation for the T10 Data Integrity Field (CRC_T10DIF) [Y/?] y
CRC ITU-T V.41 functions (CRC_ITU_T) [M/y/?] m
CRC32/CRC32c functions (CRC32) [Y/?] y
CRC32 perform self test on init (CRC32_SELFTEST) [N/y/?] n
CRC32 implementation
> 1. Slice by 8 bytes (CRC32_SLICEBY8)
2. Slice by 4 bytes (CRC32_SLICEBY4)
3. Sarwate's Algorithm (one byte at a time) (CRC32_SARWATE)
4. Classic Algorithm (one bit at a time) (CRC32_BIT)
choice[1-4?]: 1
CRC7 functions (CRC7) [M/y/?] m
CRC32c (Castagnoli, et al) Cyclic Redundancy-Check (LIBCRC32C) [M/y/?] m
CRC8 function (CRC8) [M/y/?] m
PRNG perform self test on init (RANDOM32_SELFTEST) [N/y/?] n
XZ decompression support (XZ_DEC) [Y/?] y
x86 BCJ filter decoder (XZ_DEC_X86) [Y/n] y
PowerPC BCJ filter decoder (XZ_DEC_POWERPC) [Y/n] y
IA-64 BCJ filter decoder (XZ_DEC_IA64) [Y/n] y
ARM BCJ filter decoder (XZ_DEC_ARM) [Y/n] y
ARM-Thumb BCJ filter decoder (XZ_DEC_ARMTHUMB) [Y/n] y
SPARC BCJ filter decoder (XZ_DEC_SPARC) [Y/n] y
XZ decompressor tester (XZ_DEC_TEST) [M/n/y/?] m
glob self-test on init (GLOB_SELFTEST) [N/y/?] n
CORDIC algorithm (CORDIC) [M/y/?] m
JEDEC DDR data (DDR) [Y/n/?] y
IRQ polling library (IRQ_POLL) [Y/?] y
Select compiled-in fonts (FONTS) [N/y/?] n
#
# configuration written to .config
#