Created
January 15, 2018 17:36
-
-
Save compiaffe/50943043746274420ea06ec8be2a941a to your computer and use it in GitHub Desktop.
Partial kernel configuration log for applying patch-realsense-ubuntu-xenial.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Aufs (Advanced multi layered unification filesystem) support (AUFS_FS) [N/m/y/?] (NEW) | |
* | |
* Security options | |
* | |
Enable access key retention support (KEYS) [Y/?] y | |
Enable register of persistent per-UID keyrings (PERSISTENT_KEYRINGS) [Y/n/?] y | |
Large payload keys (BIG_KEYS) [Y/n/?] y | |
TRUSTED KEYS (TRUSTED_KEYS) [Y/n/m/?] y | |
ENCRYPTED KEYS (ENCRYPTED_KEYS) [Y/?] y | |
Diffie-Hellman operations on retained keys (KEY_DH_OPERATIONS) [Y/n/?] y | |
Restrict unprivileged access to the kernel syslog (SECURITY_DMESG_RESTRICT) [N/y/?] n | |
Restrict unprivileged use of performance events (SECURITY_PERF_EVENTS_RESTRICT) [N/y/?] (NEW) | |
Enable different security models (SECURITY) [Y/n/?] y | |
Enable the securityfs filesystem (SECURITYFS) [Y/?] y | |
Socket and Networking Security Hooks (SECURITY_NETWORK) [Y/?] y | |
XFRM (IPSec) Networking Security Hooks (SECURITY_NETWORK_XFRM) [Y/n/?] y | |
Security hooks for pathname based access control (SECURITY_PATH) [Y/?] y | |
Enable Intel(R) Trusted Execution Technology (Intel(R) TXT) (INTEL_TXT) [Y/n/?] y | |
Low address space for LSM to protect from user allocation (LSM_MMAP_MIN_ADDR) [0] 0 | |
Harden memory copies between kernel and userspace (HARDENED_USERCOPY) [Y/n/?] y | |
Refuse to copy allocations that span multiple pages (HARDENED_USERCOPY_PAGESPAN) [N/y/?] n | |
NSA SELinux Support (SECURITY_SELINUX) [Y/n/?] y | |
NSA SELinux boot parameter (SECURITY_SELINUX_BOOTPARAM) [Y/n/?] y | |
NSA SELinux boot parameter default value (SECURITY_SELINUX_BOOTPARAM_VALUE) [0] 0 | |
NSA SELinux runtime disable (SECURITY_SELINUX_DISABLE) [Y/n/?] y | |
NSA SELinux Development Support (SECURITY_SELINUX_DEVELOP) [Y/n/?] y | |
NSA SELinux AVC Statistics (SECURITY_SELINUX_AVC_STATS) [Y/n/?] y | |
NSA SELinux checkreqprot default value (SECURITY_SELINUX_CHECKREQPROT_VALUE) [1] 1 | |
Simplified Mandatory Access Control Kernel Support (SECURITY_SMACK) [Y/n/?] y | |
Reporting on access granted by Smack rules (SECURITY_SMACK_BRINGUP) [N/y/?] n | |
Packet marking using secmarks for netfilter (SECURITY_SMACK_NETFILTER) [Y/n/?] y | |
Treat delivering signals as an append operation (SECURITY_SMACK_APPEND_SIGNALS) [Y/n/?] y | |
TOMOYO Linux Support (SECURITY_TOMOYO) [Y/n/?] y | |
Default maximal count for learning mode (SECURITY_TOMOYO_MAX_ACCEPT_ENTRY) [2048] 2048 | |
Default maximal count for audit log (SECURITY_TOMOYO_MAX_AUDIT_LOG) [1024] 1024 | |
Activate without calling userspace policy loader. (SECURITY_TOMOYO_OMIT_USERSPACE_LOADER) [N/y/?] n | |
Location of userspace policy loader (SECURITY_TOMOYO_POLICY_LOADER) [/sbin/tomoyo-init] /sbin/tomoyo-init | |
Trigger for calling userspace policy loader (SECURITY_TOMOYO_ACTIVATION_TRIGGER) [/sbin/init] /sbin/init | |
AppArmor support (SECURITY_APPARMOR) [Y/n/?] y | |
AppArmor boot parameter default value (SECURITY_APPARMOR_BOOTPARAM_VALUE) [1] 1 | |
enable debug statistics (SECURITY_APPARMOR_STATS) [N/y/?] (NEW) | |
Set init to unconfined on boot (SECURITY_APPARMOR_UNCONFINED_INIT) [Y/n/?] (NEW) | |
Enable introspection of sha1 hashes for loaded profiles (SECURITY_APPARMOR_HASH) [Y/n/?] y | |
Enable policy hash introspection by default (SECURITY_APPARMOR_HASH_DEFAULT) [Y/n/?] y | |
Pin load of kernel files (modules, fw, etc) to one filesystem (SECURITY_LOADPIN) [N/y/?] n | |
Yama support (SECURITY_YAMA) [Y/n/?] y | |
Integrity subsystem (INTEGRITY) [Y/n/?] y | |
Digital signature verification using multiple keyrings (INTEGRITY_SIGNATURE) [Y/n/?] y | |
Enable asymmetric keys support (INTEGRITY_ASYMMETRIC_KEYS) [Y/n/?] y | |
Require all keys on the integrity keyrings be signed (INTEGRITY_TRUSTED_KEYRING) [Y/?] y | |
Enables integrity auditing support (INTEGRITY_AUDIT) [Y/n/?] y | |
Integrity Measurement Architecture(IMA) (IMA) [Y/n/?] y | |
Default template | |
1. ima (IMA_TEMPLATE) | |
> 2. ima-ng (default) (IMA_NG_TEMPLATE) | |
3. ima-sig (IMA_SIG_TEMPLATE) | |
choice[1-3?]: 2 | |
Default integrity hash algorithm | |
> 1. SHA1 (default) (IMA_DEFAULT_HASH_SHA1) | |
2. SHA256 (IMA_DEFAULT_HASH_SHA256) | |
3. SHA512 (IMA_DEFAULT_HASH_SHA512) | |
4. WP512 (IMA_DEFAULT_HASH_WP512) | |
choice[1-4?]: 1 | |
Enable multiple writes to the IMA policy (IMA_WRITE_POLICY) [Y/n/?] y | |
Enable reading back the current IMA policy (IMA_READ_POLICY) [Y/n/?] y | |
Appraise integrity measurements (IMA_APPRAISE) [Y/n/?] y | |
Require all keys on the .ima keyring be signed (deprecated) (IMA_TRUSTED_KEYRING) [Y/n/?] y | |
Permit keys validly signed by a built-in or secondary CA cert (EXPERIMENTAL) (IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY) [Y/n/?] y | |
Create IMA machine owner blacklist keyrings (EXPERIMENTAL) (IMA_BLACKLIST_KEYRING) [Y/n/?] y | |
Load X509 certificate onto the '.ima' trusted keyring (IMA_LOAD_X509) [N/y/?] n | |
EVM support (EVM) [Y/n/?] y | |
FSUUID (version 2) (EVM_ATTR_FSUUID) [Y/n/?] y | |
Additional SMACK xattrs (EVM_EXTRA_SMACK_XATTRS) [Y/n/?] y | |
Load an X509 certificate onto the '.evm' trusted keyring (EVM_LOAD_X509) [N/y/?] n | |
Default security module | |
1. SELinux (DEFAULT_SECURITY_SELINUX) | |
2. Simplified Mandatory Access Control (DEFAULT_SECURITY_SMACK) | |
3. TOMOYO (DEFAULT_SECURITY_TOMOYO) | |
> 4. AppArmor (DEFAULT_SECURITY_APPARMOR) | |
5. Unix Discretionary Access Controls (DEFAULT_SECURITY_DAC) | |
choice[1-5?]: 4 | |
* | |
* Asymmetric (public-key cryptographic) key type | |
* | |
Asymmetric (public-key cryptographic) key type (ASYMMETRIC_KEY_TYPE) [Y/?] y | |
Asymmetric public-key crypto algorithm subtype (ASYMMETRIC_PUBLIC_KEY_SUBTYPE) [Y/?] y | |
X.509 certificate parser (X509_CERTIFICATE_PARSER) [Y/?] y | |
PKCS#7 message parser (PKCS7_MESSAGE_PARSER) [Y/?] y | |
PKCS#7 testing key type (PKCS7_TEST_KEY) [M/n/y/?] m | |
Support for PE file signature verification (SIGNED_PE_FILE_VERIFICATION) [Y/n/?] y | |
EFI signature list parser (EFI_SIGNATURE_LIST_PARSER) [N/y/?] (NEW) | |
* | |
* Library routines | |
* | |
Generic logical IO management (LIBIO) [N/y/?] (NEW) | |
CRC-CCITT functions (CRC_CCITT) [Y/?] y | |
CRC16 functions (CRC16) [Y/?] y | |
CRC calculation for the T10 Data Integrity Field (CRC_T10DIF) [Y/?] y | |
CRC ITU-T V.41 functions (CRC_ITU_T) [M/y/?] m | |
CRC32/CRC32c functions (CRC32) [Y/?] y | |
CRC32 perform self test on init (CRC32_SELFTEST) [N/y/?] n | |
CRC32 implementation | |
> 1. Slice by 8 bytes (CRC32_SLICEBY8) | |
2. Slice by 4 bytes (CRC32_SLICEBY4) | |
3. Sarwate's Algorithm (one byte at a time) (CRC32_SARWATE) | |
4. Classic Algorithm (one bit at a time) (CRC32_BIT) | |
choice[1-4?]: 1 | |
CRC7 functions (CRC7) [M/y/?] m | |
CRC32c (Castagnoli, et al) Cyclic Redundancy-Check (LIBCRC32C) [M/y/?] m | |
CRC8 function (CRC8) [M/y/?] m | |
PRNG perform self test on init (RANDOM32_SELFTEST) [N/y/?] n | |
XZ decompression support (XZ_DEC) [Y/?] y | |
x86 BCJ filter decoder (XZ_DEC_X86) [Y/n] y | |
PowerPC BCJ filter decoder (XZ_DEC_POWERPC) [Y/n] y | |
IA-64 BCJ filter decoder (XZ_DEC_IA64) [Y/n] y | |
ARM BCJ filter decoder (XZ_DEC_ARM) [Y/n] y | |
ARM-Thumb BCJ filter decoder (XZ_DEC_ARMTHUMB) [Y/n] y | |
SPARC BCJ filter decoder (XZ_DEC_SPARC) [Y/n] y | |
XZ decompressor tester (XZ_DEC_TEST) [M/n/y/?] m | |
glob self-test on init (GLOB_SELFTEST) [N/y/?] n | |
CORDIC algorithm (CORDIC) [M/y/?] m | |
JEDEC DDR data (DDR) [Y/n/?] y | |
IRQ polling library (IRQ_POLL) [Y/?] y | |
Select compiled-in fonts (FONTS) [N/y/?] n | |
# | |
# configuration written to .config | |
# |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment