pygoscelis: Bump to 5.11.1-t14s and enable further security quirks

Implement some suggestions from https://github.com/a13xp0p0v/kconfig-hardened-check
2021-02-23 19:27:37 +01:00 · 2021-02-23 19:27:37 +01:00 · de8a4da71d
commit de8a4da71d
parent bee1798c4f
1 changed files with 12 additions and 14 deletions
--- a/26
+++ b/26
@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 5.11.0 Kernel Configuration
+# Linux/x86 5.11.1 Kernel Configuration
 #
 CONFIG_CC_VERSION_TEXT="gcc (Gentoo Hardened 10.2.0-r5 p6) 10.2.0"
 CONFIG_CC_IS_GCC=y
@ -252,7 +252,7 @@ CONFIG_SLUB_DEBUG=y
 # CONFIG_SLAB is not set
 CONFIG_SLUB=y
 # CONFIG_SLOB is not set
-CONFIG_SLAB_MERGE_DEFAULT=y
+# CONFIG_SLAB_MERGE_DEFAULT is not set
 CONFIG_SLAB_FREELIST_RANDOM=y
 CONFIG_SLAB_FREELIST_HARDENED=y
 CONFIG_SHUFFLE_PAGE_ALLOCATOR=y
@ -403,7 +403,6 @@ CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y
 CONFIG_ARCH_SPARSEMEM_ENABLE=y
 CONFIG_ARCH_SPARSEMEM_DEFAULT=y
 CONFIG_ARCH_SELECT_MEMORY_MODEL=y
-CONFIG_ARCH_PROC_KCORE_TEXT=y
 CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000
 CONFIG_X86_PMEM_LEGACY_DEVICE=y
 CONFIG_X86_PMEM_LEGACY=y
@ -657,7 +656,6 @@ CONFIG_AS_TPAUSE=y
 #
 # General architecture-dependent options
 #
-CONFIG_CRASH_CORE=y
 CONFIG_HOTPLUG_SMT=y
 CONFIG_GENERIC_ENTRY=y
 CONFIG_HAVE_OPROFILE=y
@ -1586,7 +1584,7 @@ CONFIG_SCSI_MOD=y
 # CONFIG_RAID_ATTRS is not set
 CONFIG_SCSI=y
 CONFIG_SCSI_DMA=y
-CONFIG_SCSI_PROC_FS=y
+# CONFIG_SCSI_PROC_FS is not set

 #
 # SCSI support type (disk, tape, CD-ROM)
@ -2076,7 +2074,7 @@ CONFIG_DEVMEM=y
 # CONFIG_DEVKMEM is not set
 CONFIG_NVRAM=y
 # CONFIG_RAW_DRIVER is not set
-CONFIG_DEVPORT=y
+# CONFIG_DEVPORT is not set
 CONFIG_HPET=y
 # CONFIG_HPET_MMAP is not set
 # CONFIG_HANGCHECK_TIMER is not set
@ -4569,7 +4567,7 @@ CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1"
 # Pseudo filesystems
 #
 CONFIG_PROC_FS=y
-CONFIG_PROC_KCORE=y
+# CONFIG_PROC_KCORE is not set
 CONFIG_PROC_SYSCTL=y
 CONFIG_PROC_PAGE_MONITOR=y
 CONFIG_PROC_CHILDREN=y
@ -4729,7 +4727,7 @@ CONFIG_PAGE_TABLE_ISOLATION=y
 # CONFIG_SECURITY_PATH is not set
 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
 CONFIG_HARDENED_USERCOPY=y
-CONFIG_HARDENED_USERCOPY_FALLBACK=y
+# CONFIG_HARDENED_USERCOPY_FALLBACK is not set
 CONFIG_HARDENED_USERCOPY_PAGESPAN=y
 CONFIG_FORTIFY_SOURCE=y
 # CONFIG_STATIC_USERMODEHELPER is not set
@ -5170,7 +5168,7 @@ CONFIG_PTDUMP_CORE=y
 CONFIG_HAVE_DEBUG_KMEMLEAK=y
 # CONFIG_DEBUG_KMEMLEAK is not set
 # CONFIG_DEBUG_STACK_USAGE is not set
-# CONFIG_SCHED_STACK_END_CHECK is not set
+CONFIG_SCHED_STACK_END_CHECK=y
 CONFIG_ARCH_HAS_DEBUG_VM_PGTABLE=y
 # CONFIG_DEBUG_VM is not set
 # CONFIG_DEBUG_VM_PGTABLE is not set
@ -5241,14 +5239,14 @@ CONFIG_WARN_ALL_UNSEEDED_RANDOM=y
 #
 # Debug kernel data structures
 #
-# CONFIG_DEBUG_LIST is not set
+CONFIG_DEBUG_LIST=y
 # CONFIG_DEBUG_PLIST is not set
-# CONFIG_DEBUG_SG is not set
-# CONFIG_DEBUG_NOTIFIERS is not set
-# CONFIG_BUG_ON_DATA_CORRUPTION is not set
+CONFIG_DEBUG_SG=y
+CONFIG_DEBUG_NOTIFIERS=y
+CONFIG_BUG_ON_DATA_CORRUPTION=y
 # end of Debug kernel data structures

-# CONFIG_DEBUG_CREDENTIALS is not set
+CONFIG_DEBUG_CREDENTIALS=y

 #
 # RCU Debugging