From b9500c206c44854d2c542978a7b6a2405c90d7f5 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 17 Feb 2011 19:05:11 -0600 Subject: main/linux-grsec: enable XEN and XEN_DOM0 [x86_64 only] --- main/linux-grsec/APKBUILD | 4 +-- main/linux-grsec/kernelconfig.x86_64 | 58 ++++++++++++++++++++++-------------- 2 files changed, 37 insertions(+), 25 deletions(-) (limited to 'main/linux-grsec') diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index 45ff957ad9..d3e9a3d661 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -4,7 +4,7 @@ _flavor=grsec pkgname=linux-${_flavor} pkgver=2.6.37 _kernver=2.6.37 -pkgrel=1 +pkgrel=2 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -140,4 +140,4 @@ firmware() { md5sums="c8ee37b4fdccdb651e0603d35350b434 linux-2.6.37.tar.bz2 f56bdcd16fa540cddf075be6842edaaa grsecurity-2.2.1-2.6.37-201102121148.patch 5d3fee9fda0762c1366fd1aca81ac1b9 kernelconfig.x86 -582fd6e2e33bd4fc1f0b14f2909e4637 kernelconfig.x86_64" +abdfbef1635ddc88b3a53626aec09eb8 kernelconfig.x86_64" diff --git a/main/linux-grsec/kernelconfig.x86_64 b/main/linux-grsec/kernelconfig.x86_64 index d52c6fdaf1..807c93990c 100644 --- a/main/linux-grsec/kernelconfig.x86_64 +++ b/main/linux-grsec/kernelconfig.x86_64 @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit # Linux/x86_64 2.6.37 Kernel Configuration -# Thu Feb 17 18:39:42 2011 +# Thu Feb 17 18:59:09 2011 # CONFIG_64BIT=y # CONFIG_X86_32 is not set @@ -142,7 +142,6 @@ CONFIG_CC_OPTIMIZE_FOR_SIZE=y CONFIG_SYSCTL=y CONFIG_ANON_INODES=y CONFIG_EMBEDDED=y -CONFIG_UID16=y CONFIG_SYSCTL_SYSCALL=y CONFIG_KALLSYMS=y # CONFIG_KALLSYMS_EXTRA_PASS is not set @@ -214,7 +213,6 @@ CONFIG_STOP_MACHINE=y CONFIG_BLOCK=y CONFIG_BLK_DEV_BSG=y # CONFIG_BLK_DEV_INTEGRITY is not set -CONFIG_BLOCK_COMPAT=y # # IO Schedulers @@ -271,8 +269,13 @@ CONFIG_X86_EXTENDED_PLATFORM=y # CONFIG_X86_VSMP is not set CONFIG_SCHED_OMIT_FRAME_POINTER=y CONFIG_PARAVIRT_GUEST=y -# CONFIG_XEN is not set -# CONFIG_XEN_PRIVILEGED_GUEST is not set +CONFIG_XEN=y +CONFIG_XEN_DOM0=y +CONFIG_XEN_PRIVILEGED_GUEST=y +CONFIG_XEN_PVHVM=y +CONFIG_XEN_MAX_DOMAIN_MEMORY=128 +CONFIG_XEN_SAVE_RESTORE=y +# CONFIG_XEN_DEBUG_FS is not set CONFIG_KVM_CLOCK=y CONFIG_KVM_GUEST=y CONFIG_PARAVIRT=y @@ -304,13 +307,11 @@ CONFIG_HPET_TIMER=y CONFIG_HPET_EMULATE_RTC=y CONFIG_DMI=y CONFIG_GART_IOMMU=y -CONFIG_CALGARY_IOMMU=y -CONFIG_CALGARY_IOMMU_ENABLED_BY_DEFAULT=y -CONFIG_AMD_IOMMU=y -# CONFIG_AMD_IOMMU_STATS is not set +# CONFIG_CALGARY_IOMMU is not set +# CONFIG_AMD_IOMMU is not set CONFIG_SWIOTLB=y CONFIG_IOMMU_HELPER=y -CONFIG_IOMMU_API=y +# CONFIG_IOMMU_API is not set CONFIG_NR_CPUS=8 CONFIG_SCHED_SMT=y CONFIG_SCHED_MC=y @@ -466,8 +467,7 @@ CONFIG_INTEL_IDLE=y # # Memory power savings # -CONFIG_I7300_IDLE_IOAT_CHANNEL=y -CONFIG_I7300_IDLE=m +# CONFIG_I7300_IDLE is not set # # Bus options (PCI etc.) @@ -475,6 +475,7 @@ CONFIG_I7300_IDLE=m CONFIG_PCI=y CONFIG_PCI_DIRECT=y CONFIG_PCI_MMCONFIG=y +CONFIG_PCI_XEN=y CONFIG_PCI_DOMAINS=y CONFIG_PCI_CNB20LE_QUIRK=y # CONFIG_DMAR is not set @@ -487,6 +488,7 @@ CONFIG_PCIEASPM=y CONFIG_ARCH_SUPPORTS_MSI=y CONFIG_PCI_MSI=y CONFIG_PCI_STUB=m +CONFIG_XEN_PCIDEV_FRONTEND=y CONFIG_HT_IRQ=y # CONFIG_PCI_IOV is not set CONFIG_PCI_IOAPIC=y @@ -522,18 +524,13 @@ CONFIG_HOTPLUG_PCI_SHPC=m # Executable file formats / Emulations # CONFIG_BINFMT_ELF=y -CONFIG_COMPAT_BINFMT_ELF=y # CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set # CONFIG_HAVE_AOUT is not set CONFIG_BINFMT_MISC=m -CONFIG_IA32_EMULATION=y -# CONFIG_IA32_AOUT is not set -CONFIG_COMPAT=y -CONFIG_COMPAT_FOR_U64_ALIGNMENT=y -CONFIG_SYSVIPC_COMPAT=y +# CONFIG_IA32_EMULATION is not set +# CONFIG_COMPAT_FOR_U64_ALIGNMENT is not set CONFIG_HAVE_TEXT_POKE_SMP=y CONFIG_NET=y -CONFIG_COMPAT_NETLINK_MESSAGES=y # # Networking options @@ -1161,7 +1158,7 @@ CONFIG_STANDALONE=y CONFIG_FW_LOADER=m # CONFIG_FIRMWARE_IN_KERNEL is not set CONFIG_EXTRA_FIRMWARE="" -# CONFIG_SYS_HYPERVISOR is not set +CONFIG_SYS_HYPERVISOR=y CONFIG_CONNECTOR=m CONFIG_MTD=m # CONFIG_MTD_DEBUG is not set @@ -1351,6 +1348,7 @@ CONFIG_CDROM_PKTCDVD=m CONFIG_CDROM_PKTCDVD_BUFFERS=8 # CONFIG_CDROM_PKTCDVD_WCACHE is not set CONFIG_ATA_OVER_ETH=m +CONFIG_XEN_BLKDEV_FRONTEND=y CONFIG_VIRTIO_BLK=m # CONFIG_BLK_DEV_HD is not set # CONFIG_BLK_DEV_RBD is not set @@ -2134,6 +2132,7 @@ CONFIG_IEEE802154_FAKEHARD=m CONFIG_CAIF_TTY=m CONFIG_CAIF_SPI_SLAVE=m # CONFIG_CAIF_SPI_SYNC is not set +CONFIG_XEN_NETDEV_FRONTEND=y CONFIG_FDDI=y CONFIG_DEFXX=m # CONFIG_DEFXX_MMIO is not set @@ -2239,6 +2238,7 @@ CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768 CONFIG_INPUT_JOYDEV=m CONFIG_INPUT_EVDEV=m CONFIG_INPUT_EVBUG=m +CONFIG_XEN_KBDDEV_FRONTEND=m # # Input Device Drivers @@ -2435,6 +2435,8 @@ CONFIG_PRINTER=m # CONFIG_LP_CONSOLE is not set CONFIG_PPDEV=m CONFIG_HVC_DRIVER=y +CONFIG_HVC_IRQ=y +CONFIG_HVC_XEN=y CONFIG_VIRTIO_CONSOLE=m CONFIG_IPMI_HANDLER=m # CONFIG_IPMI_PANIC_EVENT is not set @@ -3477,6 +3479,7 @@ CONFIG_FB_TMIO=m CONFIG_FB_TMIO_ACCELL=y CONFIG_FB_SM501=m # CONFIG_FB_VIRTUAL is not set +CONFIG_XEN_FBDEV_FRONTEND=m CONFIG_FB_METRONOME=m CONFIG_FB_MB862XX=m # CONFIG_FB_MB862XX_PCI_GDC is not set @@ -4197,6 +4200,18 @@ CONFIG_UIO_AEC=m CONFIG_UIO_SERCOS3=m # CONFIG_UIO_PCI_GENERIC is not set CONFIG_UIO_NETX=m + +# +# Xen driver support +# +CONFIG_XEN_BALLOON=y +CONFIG_XEN_SCRUB_PAGES=y +CONFIG_XEN_DEV_EVTCHN=y +CONFIG_XENFS=y +CONFIG_XEN_COMPAT_XENFS=y +CONFIG_XEN_SYS_HYPERVISOR=y +CONFIG_XEN_PLATFORM_PCI=m +CONFIG_SWIOTLB_XEN=y CONFIG_STAGING=y # CONFIG_STAGING_EXCLUDE_BUILD is not set # CONFIG_ET131X is not set @@ -4389,7 +4404,6 @@ CONFIG_QUOTA_TREE=m CONFIG_QFMT_V1=m CONFIG_QFMT_V2=m CONFIG_QUOTACTL=y -CONFIG_QUOTACTL_COMPAT=y CONFIG_AUTOFS4_FS=m CONFIG_FUSE_FS=m # CONFIG_CUSE is not set @@ -4785,7 +4799,6 @@ CONFIG_PAX_EMUTRAMP=y CONFIG_PAX_MPROTECT=y # CONFIG_PAX_MPROTECT_COMPAT is not set # CONFIG_PAX_ELFRELOCS is not set -# CONFIG_PAX_KERNEXEC is not set # # Address Space Layout Randomization @@ -4798,7 +4811,6 @@ CONFIG_PAX_RANDMMAP=y # Miscellaneous hardening features # # CONFIG_PAX_MEMORY_SANITIZE is not set -# CONFIG_PAX_MEMORY_UDEREF is not set CONFIG_PAX_REFCOUNT=y # CONFIG_PAX_USERCOPY is not set CONFIG_KEYS=y -- cgit v1.2.3