| Kconfig (78dc53c422172a317adb0776dfb687057ffa28b7) | Kconfig (79bd9814e5ec9a288d6599f53aeac0b548fdfe52) |
|---|---|
| 1config ARCH 2 string 3 option env="ARCH" 4 5config KERNELVERSION 6 string 7 option env="KERNELVERSION" 8 --- 270 unchanged lines hidden (view full) --- 279 help 280 Enable auditing infrastructure that can be used with another 281 kernel subsystem, such as SELinux (which requires this for 282 logging of avc messages output). Does not do system-call 283 auditing without CONFIG_AUDITSYSCALL. 284 285config AUDITSYSCALL 286 bool "Enable system-call auditing support" | 1config ARCH 2 string 3 option env="ARCH" 4 5config KERNELVERSION 6 string 7 option env="KERNELVERSION" 8 --- 270 unchanged lines hidden (view full) --- 279 help 280 Enable auditing infrastructure that can be used with another 281 kernel subsystem, such as SELinux (which requires this for 282 logging of avc messages output). Does not do system-call 283 auditing without CONFIG_AUDITSYSCALL. 284 285config AUDITSYSCALL 286 bool "Enable system-call auditing support" |
| 287 depends on AUDIT && (X86 || PARISC || PPC || S390 || IA64 || UML || SPARC64 || SUPERH || (ARM && AEABI && !OABI_COMPAT)) | 287 depends on AUDIT && (X86 || PPC || S390 || IA64 || UML || SPARC64 || SUPERH || (ARM && AEABI && !OABI_COMPAT)) |
| 288 default y if SECURITY_SELINUX 289 help 290 Enable low-overhead system-call auditing infrastructure that 291 can be used independently or with another kernel subsystem, 292 such as SELinux. 293 294config AUDIT_WATCH 295 def_bool y 296 depends on AUDITSYSCALL 297 select FSNOTIFY 298 299config AUDIT_TREE 300 def_bool y 301 depends on AUDITSYSCALL 302 select FSNOTIFY 303 | 288 default y if SECURITY_SELINUX 289 help 290 Enable low-overhead system-call auditing infrastructure that 291 can be used independently or with another kernel subsystem, 292 such as SELinux. 293 294config AUDIT_WATCH 295 def_bool y 296 depends on AUDITSYSCALL 297 select FSNOTIFY 298 299config AUDIT_TREE 300 def_bool y 301 depends on AUDITSYSCALL 302 select FSNOTIFY 303 |
| 304config AUDIT_LOGINUID_IMMUTABLE 305 bool "Make audit loginuid immutable" 306 depends on AUDIT 307 help 308 The config option toggles if a task setting its loginuid requires 309 CAP_SYS_AUDITCONTROL or if that task should require no special permissions 310 but should instead only allow setting its loginuid if it was never 311 previously set. On systems which use systemd or a similar central 312 process to restart login services this should be set to true. On older 313 systems in which an admin would typically have to directly stop and 314 start processes this should be set to false. Setting this to true allows 315 one to drop potentially dangerous capabilites from the login tasks, 316 but may not be backwards compatible with older init systems. 317 |
|
| 304source "kernel/irq/Kconfig" 305source "kernel/time/Kconfig" 306 307menu "CPU/Task time and stats accounting" 308 309config VIRT_CPU_ACCOUNTING 310 bool 311 --- 23 unchanged lines hidden (view full) --- 335 kernel entry and exit and on transitions within the kernel 336 between system, softirq and hardirq state, so there is a 337 small performance impact. In the case of s390 or IBM POWER > 5, 338 this also enables accounting of stolen time on logically-partitioned 339 systems. 340 341config VIRT_CPU_ACCOUNTING_GEN 342 bool "Full dynticks CPU time accounting" | 318source "kernel/irq/Kconfig" 319source "kernel/time/Kconfig" 320 321menu "CPU/Task time and stats accounting" 322 323config VIRT_CPU_ACCOUNTING 324 bool 325 --- 23 unchanged lines hidden (view full) --- 349 kernel entry and exit and on transitions within the kernel 350 between system, softirq and hardirq state, so there is a 351 small performance impact. In the case of s390 or IBM POWER > 5, 352 this also enables accounting of stolen time on logically-partitioned 353 systems. 354 355config VIRT_CPU_ACCOUNTING_GEN 356 bool "Full dynticks CPU time accounting" |
| 343 depends on HAVE_CONTEXT_TRACKING 344 depends on HAVE_VIRT_CPU_ACCOUNTING_GEN | 357 depends on HAVE_CONTEXT_TRACKING && 64BIT |
| 345 select VIRT_CPU_ACCOUNTING 346 select CONTEXT_TRACKING 347 help 348 Select this option to enable task and CPU time accounting on full 349 dynticks systems. This accounting is implemented by watching every 350 kernel-user boundaries using the context tracking subsystem. 351 The accounting is thus performed at the expense of some significant 352 overhead. --- 473 unchanged lines hidden (view full) --- 826 depends on ARCH_WANTS_PROT_NUMA_PROT_NONE 827 depends on NUMA_BALANCING 828 829config NUMA_BALANCING_DEFAULT_ENABLED 830 bool "Automatically enable NUMA aware memory/task placement" 831 default y 832 depends on NUMA_BALANCING 833 help | 358 select VIRT_CPU_ACCOUNTING 359 select CONTEXT_TRACKING 360 help 361 Select this option to enable task and CPU time accounting on full 362 dynticks systems. This accounting is implemented by watching every 363 kernel-user boundaries using the context tracking subsystem. 364 The accounting is thus performed at the expense of some significant 365 overhead. --- 473 unchanged lines hidden (view full) --- 839 depends on ARCH_WANTS_PROT_NUMA_PROT_NONE 840 depends on NUMA_BALANCING 841 842config NUMA_BALANCING_DEFAULT_ENABLED 843 bool "Automatically enable NUMA aware memory/task placement" 844 default y 845 depends on NUMA_BALANCING 846 help |
| 834 If set, automatic NUMA balancing will be enabled if running on a NUMA | 847 If set, autonumic NUMA balancing will be enabled if running on a NUMA |
| 835 machine. 836 837config NUMA_BALANCING 838 bool "Memory placement aware NUMA scheduler" 839 depends on ARCH_SUPPORTS_NUMA_BALANCING 840 depends on !ARCH_WANT_NUMA_VARIABLE_LOCALITY 841 depends on SMP && NUMA && MIGRATION 842 help 843 This option adds support for automatic NUMA aware memory/task placement. 844 The mechanism is quite primitive and is based on migrating memory when | 848 machine. 849 850config NUMA_BALANCING 851 bool "Memory placement aware NUMA scheduler" 852 depends on ARCH_SUPPORTS_NUMA_BALANCING 853 depends on !ARCH_WANT_NUMA_VARIABLE_LOCALITY 854 depends on SMP && NUMA && MIGRATION 855 help 856 This option adds support for automatic NUMA aware memory/task placement. 857 The mechanism is quite primitive and is based on migrating memory when |
| 845 it has references to the node the task is running on. | 858 it is references to the node the task is running on. |
| 846 847 This system will be inactive on UMA systems. 848 849menuconfig CGROUPS 850 boolean "Control Group support" | 859 860 This system will be inactive on UMA systems. 861 862menuconfig CGROUPS 863 boolean "Control Group support" |
| 851 depends on EVENTFD | |
| 852 help 853 This option adds support for grouping sets of processes together, for 854 use with process control subsystems such as Cpusets, CFS, memory 855 controls or device isolation. 856 See 857 - Documentation/scheduler/sched-design-CFS.txt (CFS) 858 - Documentation/cgroups/ (features for grouping, isolation 859 and resource control) --- 50 unchanged lines hidden (view full) --- 910 help 911 This option enables controller independent resource accounting 912 infrastructure that works with cgroups. 913 914config MEMCG 915 bool "Memory Resource Controller for Control Groups" 916 depends on RESOURCE_COUNTERS 917 select MM_OWNER | 864 help 865 This option adds support for grouping sets of processes together, for 866 use with process control subsystems such as Cpusets, CFS, memory 867 controls or device isolation. 868 See 869 - Documentation/scheduler/sched-design-CFS.txt (CFS) 870 - Documentation/cgroups/ (features for grouping, isolation 871 and resource control) --- 50 unchanged lines hidden (view full) --- 922 help 923 This option enables controller independent resource accounting 924 infrastructure that works with cgroups. 925 926config MEMCG 927 bool "Memory Resource Controller for Control Groups" 928 depends on RESOURCE_COUNTERS 929 select MM_OWNER |
| 930 select EVENTFD |
|
| 918 help 919 Provides a memory resource controller that manages both anonymous 920 memory and page cache. (See Documentation/cgroups/memory.txt) 921 922 Note that setting this option increases fixed memory overhead 923 associated with each page of memory in the system. By this, 924 8(16)bytes/PAGE_SIZE on 32(64)bit system will be occupied by memory 925 usage tracking struct at boot. Total amount of this is printed out --- 223 unchanged lines hidden (view full) --- 1149 help 1150 While the nececessary conversions are being added to all subsystems this option allows 1151 the code to continue to build for unconverted subsystems. 1152 1153 Say Y here if you want the strict type checking enabled 1154 1155config SCHED_AUTOGROUP 1156 bool "Automatic process group scheduling" | 931 help 932 Provides a memory resource controller that manages both anonymous 933 memory and page cache. (See Documentation/cgroups/memory.txt) 934 935 Note that setting this option increases fixed memory overhead 936 associated with each page of memory in the system. By this, 937 8(16)bytes/PAGE_SIZE on 32(64)bit system will be occupied by memory 938 usage tracking struct at boot. Total amount of this is printed out --- 223 unchanged lines hidden (view full) --- 1162 help 1163 While the nececessary conversions are being added to all subsystems this option allows 1164 the code to continue to build for unconverted subsystems. 1165 1166 Say Y here if you want the strict type checking enabled 1167 1168config SCHED_AUTOGROUP 1169 bool "Automatic process group scheduling" |
| 1157 select EVENTFD | |
| 1158 select CGROUPS 1159 select CGROUP_SCHED 1160 select FAIR_GROUP_SCHED 1161 help 1162 This option optimizes the scheduler for common desktop workloads by 1163 automatically creating and populating task groups. This separation 1164 of workloads isolates aggressive CPU burners (like build jobs) from 1165 desktop applications. Task group autogeneration is currently based --- 484 unchanged lines hidden (view full) --- 1650config RT_MUTEXES 1651 boolean 1652 1653config BASE_SMALL 1654 int 1655 default 0 if BASE_FULL 1656 default 1 if !BASE_FULL 1657 | 1170 select CGROUPS 1171 select CGROUP_SCHED 1172 select FAIR_GROUP_SCHED 1173 help 1174 This option optimizes the scheduler for common desktop workloads by 1175 automatically creating and populating task groups. This separation 1176 of workloads isolates aggressive CPU burners (like build jobs) from 1177 desktop applications. Task group autogeneration is currently based --- 484 unchanged lines hidden (view full) --- 1662config RT_MUTEXES 1663 boolean 1664 1665config BASE_SMALL 1666 int 1667 default 0 if BASE_FULL 1668 default 1 if !BASE_FULL 1669 |
| 1658config SYSTEM_TRUSTED_KEYRING 1659 bool "Provide system-wide ring of trusted keys" 1660 depends on KEYS 1661 help 1662 Provide a system keyring to which trusted keys can be added. Keys in 1663 the keyring are considered to be trusted. Keys may be added at will 1664 by the kernel from compiled-in data and from hardware key stores, but 1665 userspace may only add extra keys if those keys can be verified by 1666 keys already in the keyring. 1667 1668 Keys in this keyring are used by module signature checking. 1669 | |
| 1670menuconfig MODULES 1671 bool "Enable loadable module support" 1672 option modules 1673 help 1674 Kernel modules are small pieces of compiled code which can 1675 be inserted in the running kernel, rather than being 1676 permanently built into the kernel. You use the "modprobe" 1677 tool to add (and sometimes remove) them. If you say Y here, --- 57 unchanged lines hidden (view full) --- 1735 see exactly which source was used to build a module (since 1736 others sometimes change the module source without updating 1737 the version). With this option, such a "srcversion" field 1738 will be created for all modules. If unsure, say N. 1739 1740config MODULE_SIG 1741 bool "Module signature verification" 1742 depends on MODULES | 1670menuconfig MODULES 1671 bool "Enable loadable module support" 1672 option modules 1673 help 1674 Kernel modules are small pieces of compiled code which can 1675 be inserted in the running kernel, rather than being 1676 permanently built into the kernel. You use the "modprobe" 1677 tool to add (and sometimes remove) them. If you say Y here, --- 57 unchanged lines hidden (view full) --- 1735 see exactly which source was used to build a module (since 1736 others sometimes change the module source without updating 1737 the version). With this option, such a "srcversion" field 1738 will be created for all modules. If unsure, say N. 1739 1740config MODULE_SIG 1741 bool "Module signature verification" 1742 depends on MODULES |
| 1743 select SYSTEM_TRUSTED_KEYRING | |
| 1744 select KEYS 1745 select CRYPTO 1746 select ASYMMETRIC_KEY_TYPE 1747 select ASYMMETRIC_PUBLIC_KEY_SUBTYPE 1748 select PUBLIC_KEY_ALGO_RSA 1749 select ASN1 1750 select OID_REGISTRY 1751 select X509_CERTIFICATE_PARSER --- 111 unchanged lines hidden --- | 1743 select KEYS 1744 select CRYPTO 1745 select ASYMMETRIC_KEY_TYPE 1746 select ASYMMETRIC_PUBLIC_KEY_SUBTYPE 1747 select PUBLIC_KEY_ALGO_RSA 1748 select ASN1 1749 select OID_REGISTRY 1750 select X509_CERTIFICATE_PARSER --- 111 unchanged lines hidden --- |